今天公司的域名备案成功,着手开始配置项目的管理平台用域名访问,并且要使用HTTPS。
我们的项目是SpringBoot,大概的看了看SpringBoot配置起来好像也不是很方便。
因此就折中选择了Nginx做服务器,转发到Java项目,公司的服务器运维一直是自己做着,对Nginx 的基本用法和配置还是很熟悉的。
第一步,安装Nginx 可以参考我的另一篇 手把手带你在Linux centos7环境下安装Nginx 包括https开机自启等
第二步,申请SSL证书 HTTPS需要SSL证书,SSL证书的申请可以在阿里云申请。
配置Nginx 将申请的证书放在Nginx的安装目录下,我放在了 /usr/local/nginx/ssl/ 下,有两个文件,文件后缀分别为 .key和.pem
接下来在nginx.conf进行配置:
#user nobody; worker_processes 1; #error_log logs/error.log; #error_log logs/error.log notice; #error_log logs/error.log info; #pid logs/nginx.pid; events { worker_connections 1024; } http { include mime.types; default_type application/octet-stream; #log_format main '$remote_addr - $remote_user [$time_local] "$request" ' # '$status $body_bytes_sent "$http_referer" ' # '"$http_user_agent" "$http_x_forwarded_for"'; #access_log logs/access.log main; sendfile on; #tcp_nopush on; #keepalive_timeout 0; keepalive_timeout 65; #gzip on; upstream admin{ server 127.0.0.1:8080; //换成你java项目访问路径 } server { listen 80; server_name admin.xxxx.com; //换成你的域名 rewrite ^(.*) https://admin.xxxx.com/; //换成你的域名 location / { proxy_pass http://admin; client_max_body_size 200m; } #charset koi8-r; #access_log logs/host.access.log main; # location / { # root html; # index index.html index.htm; # } #error_page 404 /404.html; # redirect server error pages to the static page /50x.html # # error_page 500 502 503 504 /50x.html; # location = /50x.html { # root html; # } error_page 400 401 403 404 405 408 /404.html; location = /404.html { root /usr/local/nginx/html/error; //自己自行配置404页面 } # redirect server error pages to the static page /50x.html # # error_page 500 502 503 504 /500.html; location = /500.html { root /usr/local/nginx/html/error; //自己自行配置500页面 } # proxy the PHP scripts to Apache listening on 127.0.0.1:80 # #location ~ \.php$ { # proxy_pass http://127.0.0.1; #} # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000 # #location ~ \.php$ { # root html; # fastcgi_pass 127.0.0.1:9000; # fastcgi_index index.php; # fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name; # include fastcgi_params; #} # deny access to .htaccess files, if Apache's document root # concurs with nginx's one # #location ~ /\.ht { # deny all; #} } # another virtual host using mix of IP-, name-, and port-based configuration # #server { # listen 8000; # listen somename:8080; # server_name somename alias another.alias; # location / { # root html; # index index.html index.htm; # } #} # HTTPS server # server { listen 443 ssl; server_name admin.xxxxx.com;//换成你自己的域名 client_max_body_size 200m; ssl_certificate /usr/local/nginx/ssl/xxxx.pem; //换成你的路径 ssl_certificate_key /usr/local/nginx/ssl/xxxx.key;//换成你的路径 ssl_session_cache shared:SSL:1m; ssl_session_timeout 5m; ssl_ciphers HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on; error_page 400 401 403 404 405 408 /404.html; location = /404.html { root /usr/local/nginx/html/error; //自己自行配置404页面 } error_page 500 502 503 504 /500.html; location = /500.html { root /usr/local/nginx/html/error; //自己自行配置500页面 } location / { proxy_pass http://admin; client_max_body_size 200m; } # location / { # root html; # index index.html index.htm; # } } }防火墙配置80端口 和443端口打开。 怎么打开端口可以参考我的另一篇博文Linux系统通过firewall限制或开放端口
上面配置完成后就可以启动Nginx 了,如果没有错误的话, 现在应该是可以进行访问了。
