# ningx 配置 https 协议和反向代理
# 1. 下载 1.24.0 版本的 nginx
下载成功后解压发送到服务器
# 2. 配置 nginx.config 文件
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 10;
server {
listen 80;
server_name yeblog.asia; # 您的域名
rewrite ^(.*)$ https://$host$1 permanent;
}
server {
listen 443 ssl;
server_name yeblog.asia;
ssl_certificate 1_yeblog.asia_bundle.crt; # 这个是证书的crt文件所在目录
ssl_certificate_key 2_yeblog.asia.key; # 这个是证书key文件所在目录
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
root html/boke1/public;
index index.html index.htm;
}
location = /50x.html {
root index.html;
}
#location / {
# proxy_pass http://localhost/8888;
# proxy_set_header Host $host;
# proxy_set_header X-Real-IP $remote_addr;
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# proxy_set_header X-Forwarded-Proto https;
# proxy_redirect http:// https://;
# }
}
}
# 3. 修改配置
将 listen 改为需要监听的端口
将 server_name 修改为自己的域名
# 4. 配置 https
下载 ssl 证书放在 nginx.config 的同级目录下配置
ssl_certificate 1_yeblog.asia_bundle.crt; # 这个是证书的crt文件所在目录
ssl_certificate_key 2_yeblog.asia.pem
# 5. 设置 https 规则
默认加密规则无需更改
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
# 6. 检查与上线
1)将静态资源放在 html 里面
2)通过 nginx.config 中的 root 指定根目录
location / {
root html/boke1/public;
index index.html;
}
3)通过 nginx -t 检查配置文件是否错误
4)双击 nginx.eve 启动 nginx 服务器