nginx实现http访问

   server {

        listen        default_server;

        listen       [::]: default_server;

        server_name  _;

        root         /usr/share/nginx/html;

        # Load configuration files for the default server block.

        include /etc/nginx/default.d/*.conf;

        location / {

          proxy_pass http://10.10.137.5:8080/;

        }

       error_page 404 /404.html;

            location = /40x.html {

        }

        error_page 500 502 503 504 /50x.html;

            location = /50x.html {

        }

    }

nginx.conf

nginx由http升级为https

.创建服务器证书密钥文件 server.key:

openssl genrsa -des3 -out server.key

输入密码,确认密码,自己随便定义,但是要记住,后面会用到。

.创建服务器证书的申请文件 server.csr

openssl req -new -key server.key -out server.csr

输出内容为:

Enter pass phrase for root.key: ← 输入前面创建的密码

Country Name ( letter code) [AU]:CN ← 国家代号,中国输入CN

State or Province Name (full name) [Some-State]:BeiJing ← 省的全名,拼音

Locality Name (eg, city) []:BeiJing ← 市的全名,拼音

Organization Name (eg, company) [Internet Widgits Pty Ltd]:MyCompany Corp. ← 公司英文名

Organizational Unit Name (eg, section) []: ← 可以不输入

Common Name (eg, YOUR name) []: ← 此时不输入

Email Address []:admin@mycompany.com ← 电子邮箱,可随意填

Please enter the following ‘extra’ attributes

to be sent with your certificate request

A challenge password []: ← 可以不输入

An optional company name []: ← 可以不输入

.备份一份服务器密钥文件

cp server.key server.key.org

.去除文件口令

openssl rsa -in server.key.org -out server.key

.生成证书文件server.crt

openssl x509 -req -days  -in server.csr -signkey server.key -out server.crt

生成证书和私钥

[root@hz]# cd /etc/nginx/key

[root@hz]# openssl genrsa -des3 -out server.key

Generating RSA private key,  bit long modulus

..........................................++++++

....................++++++

e is  (0x10001)

Enter pass phrase for server.key:

Verifying - Enter pass phrase for server.key:

[root@hz-ds-itstool--- key]# ls

server.key

[root@hz-ds-itstool--- key]# openssl req -new -key server.key -out server.csr

Enter pass phrase for server.key:

You are about to be asked to enter information that will be incorporated

into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value,

If you enter '.', the field will be left blank.

-----

Country Name ( letter code) [XX]:CN

State or Province Name (full name) []:beijing

Locality Name (eg, city) [Default City]:beijing

Organization Name (eg, company) [Default Company Ltd]:beijing

Organizational Unit Name (eg, section) []:

Common Name (eg, your name or your server's hostname) []:

Email Address []:

Please enter the following 'extra' attributes

to be sent with your certificate request

A challenge password []:

An optional company name []:

[root@hz-ds-itstool--- key]# cp server.key server.key.org

[root@hz-ds-itstool--- key]# openssl rsa -in server.key.org -out server.key

Enter pass phrase for server.key.org:

writing RSA key

[root@hz-ds-itstool--- key]# openssl x509 -req -days  -in server.csr -signkey server.key -out server.crt

Signature ok

subject=/C=CN/ST=beijing/L=beijing/O=beijing

Getting Private key

[root@hz-ds-itstool--- key]# ls

server.crt  server.csr  server.key  server.key.org

实例生成配置

# For more information on configuration, see:

#   * Official English Documentation: http://nginx.org/en/docs/

#   * Official Russian Documentation: http://nginx.org/ru/docs/

user nginx;

worker_processes auto;

error_log /var/log/nginx/error.log;

pid /run/nginx.pid;

# Load dynamic modules. See /usr/share/nginx/README.dynamic.

include /usr/share/nginx/modules/*.conf;

events {

    worker_connections 1024;

}

http {

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '

                      '$status $body_bytes_sent "$http_referer" '

                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile            on;

    tcp_nopush          on;

    tcp_nodelay         on;

    keepalive_timeout   65;

    types_hash_max_size 2048;

    include             /etc/nginx/mime.types;

    default_type        application/octet-stream;

    # Load modular configuration files from the /etc/nginx/conf.d directory.

    # See http://nginx.org/en/docs/ngx_core_module.html#include

    # for more information.

    include /etc/nginx/conf.d/*.conf;

    server {

        listen       80 default_server;

        listen       [::]:80 default_server;

        server_name  _;

        root         /usr/share/nginx/html;

        # Load configuration files for the default server block.

        include /etc/nginx/default.d/*.conf;

        location / {

          proxy_pass http://10.199.137.5:8095/;

        }

        error_page 404 /404.html;

            location = /40x.html {

        }

        error_page 500 502 503 504 /50x.html;

            location = /50x.html {

        }

    }

# Settings for a TLS enabled server.

#

server {

  listen 443;  # https默认使用443端口

  server_name 10.199.137.5;  # 将0.0.0.0替换为你的网站域名或ip

  ssl on;

  ssl_certificate /etc/nginx/key/server.crt;

  ssl_certificate_key /etc/nginx/key/server.key;

  ssl_session_timeout 5m;

  ssl_protocols SSLv2 SSLv3 TLSv1;

  ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;

  ssl_prefer_server_ciphers on;

  location / {

       proxy_pass http://10.199.137.5:8095/;

   }

 }

}

实例nginx.conf

http和https共存访问

强制https访问

server {

        listen ;

        server_name localhost_tp.com;//注意改为自己的域名

        rewrite ^(.*)$  https://$host$1 permanent;

}

配置项

# For more information on configuration, see:

#   * Official English Documentation: http://nginx.org/en/docs/

#   * Official Russian Documentation: http://nginx.org/ru/docs/

user nginx;

worker_processes auto;

error_log /var/log/nginx/error.log;

pid /run/nginx.pid;

# Load dynamic modules. See /usr/share/nginx/README.dynamic.

include /usr/share/nginx/modules/*.conf;

events {

    worker_connections 1024;

}

http {

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '

                      '$status $body_bytes_sent "$http_referer" '

                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile            on;

    tcp_nopush          on;

    tcp_nodelay         on;

    keepalive_timeout   65;

    types_hash_max_size 2048;

    include             /etc/nginx/mime.types;

    default_type        application/octet-stream;

    # Load modular configuration files from the /etc/nginx/conf.d directory.

    # See http://nginx.org/en/docs/ngx_core_module.html#include

    # for more information.

    include /etc/nginx/conf.d/*.conf;

    server {

        listen       80 default_server;

        listen       [::]:80 default_server;

        server_name  10.199.137.5;

        rewrite ^(.*)$  https://$host$1 permanent;

        # Load configuration files for the default server block.

        include /etc/nginx/default.d/*.conf;

        location / {

          proxy_pass http://10.199.137.5:8095/;

        }

        error_page 404 /404.html;

            location = /40x.html {

        }

        error_page 500 502 503 504 /50x.html;

            location = /50x.html {

        }

    }

# Settings for a TLS enabled server.

#

server {

  listen 443 ssl;   # https默认使用443端口

  server_name 10.199.137.5;  # 将0.0.0.0替换为你的网站域名或ip

  ssl_certificate /etc/nginx/key/server.crt;

  ssl_certificate_key /etc/nginx/key/server.key;

  ssl_session_timeout 5m;

  ssl_protocols SSLv2 SSLv3 TLSv1;

  ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;

  ssl_prefer_server_ciphers on;

  location / {

       proxy_pass http://10.199.137.5:8095/;

  }

 }

}

nginx.conf

配置后输入http地址后自动跳转到https访问地址

web由http升级为https搭建的更多相关文章

  1. Go语言及Web框架Beego环境无脑搭建

    [原]Go语言及Web框架Beego环境无脑搭建 本文涉及软件均以截至到2013年10月12日的最新版本为准 1. 相关软件准备: 1) go1.2rc1.windows-386.msi,对应32位w ...

  2. 从 http 升级到 https 过程中遇到的一些问题

    Apple 2017年1月1号起要求Appstore 上线的应用都必须使用 https 加密请求协议,在二月份又改为建议 从 http 升级为 https 协议,此为背景. 公司做的APP同时在App ...

  3. 网站通信协议升级到HTTPS&HTTP2

    为何要升级到HTTPS和HTTP2? http://baijiahao.baidu.com/s?id=1602041305989767011&wfr=spider&for=pc htt ...

  4. Http升级到Https (本地测试,无须域名和认证)

    在之前的语音识别的项目中,一切都在本地进行得很顺利,然后把写的Demo部署到服务器上给老大看的时候,通过IP访问(http://192.168.145.170:8080这样的形式)时,从一开始就坏掉了 ...

  5. Nginx http升级到https

    http和https的区别是 有的网站,http打开的时候,页面提示不安全,比如你点击下面的网站 [其实是同一个网站] http://www.511easy.com/bug/login http:// ...

  6. office web apps安装部署,配置https,负载均衡(七)配置过程中遇到的问题详细解答

    该篇文章,是这个系列文章的最后一篇文章,该篇文章将详细解答owa在安装过程中常见的问题. 如果您没有搭建好office web apps,您可以查看前面的一系列文章,查看具体步骤: office we ...

  7. nodejs从http升级到https(阿里云证书的使用)

    升级原因 1.各大搜索引擎中,https的网页的权重比一般的http的网页权重要高. 2.从用户体验的角度,一个老是被浏览器提醒该网页不可信的网页,总不会让用户感到安心 所以将网站从http升级为ht ...

  8. 全站从http升级到https(WordPress博客)

    最近几年HTTPS取代HTTP已经成为大趋势,HTTP是超文本传输协议,信息是明文传输的,而HTTPS是安全超文本传输协议,需要证书和提供安全连接,换句话说,HTTPS是嵌套了SSL加密的HTTP连接 ...

  9. 基于RHCS的web双机热备集群搭建

    基于RHCS的web双机热备集群搭建 RHCS集群执行原理及功能介绍 1. 分布式集群管理器(CMAN)  Cluster Manager.简称CMAN.是一个分布式集群管理工具.它执行在集群的各个节 ...

随机推荐

  1. SparkSQL 中 RDD 、DataFrame 、DataSet 三者的区别与联系

    一.SparkSQL发展: Shark是一个为spark设计的大规模数据仓库系统,它与Hive兼容      Shark建立在Hive的代码基础上,并通过将Hive的部分物理执行计划交换出来(by s ...

  2. Scrapy笔记07- 内置服务

    Scrapy笔记07- 内置服务 Scrapy使用Python内置的的日志系统来记录事件日志. 日志配置 LOG_ENABLED = true LOG_ENCODING = "utf-8&q ...

  3. Spring Cloud微服务安全实战_2-1_开发环境

    开发环境: JDK  :1.8 IDE : idea  数据库:mysql 5.6.5 框架:springboot,mybatisplus PGA:(后边用到再安装) Promethus (普罗米修斯 ...

  4. axios post方式请求x-ww格式的数据

    //使用axios时,要确定是json格式还是x-www格式的,axios默认是json格式的,如果是x-ww格式需要做如下配置: let url = "/hehe/site/getcomm ...

  5. Apache tomcat高可用web集群搭建过程配置记录

    说明,本文仅作为个人搭建配置保存,问题处理没有一一列出,过程也未见详尽,有问题的朋友可以直接留言给我,会一一回复,谢谢. 小目标: 支持故障转移(或主备,扩展性不佳),保证故障转移后,对前端用户透明, ...

  6. python mysqldb批量执行语句executemany

    MySQLdb提供了两个执行语句的方法,一个是execute(),另一个是executemany() execute(sql) 可接受一条语句从而执行 executemany(templet,args ...

  7. NanoPi NEO Plus2开发环境搭建

    1.前言 NanoPi NEO Plus2是友善电子推出的一款非常小巧精致的开源硬件,该开源硬件的CPU是基于Allwinner公司的64位四核ARM Cortex-A53处理器H5,并且内置了六核M ...

  8. 网关/负载均衡下的consul集群代理

    之前有做过使用单机版的consul实现Prometheus服务注册,以为使用集群版的consul只是将consul服务地址从节点IP变为了网关IP.但比较坑的就是,当使用consul注册一个servi ...

  9. 源码casino-server剖析(1)--游戏服务的整体架构和实现

    前言: 最近研究了一些游戏服务器的架构和实现, github上找了几个开源的实现. 有几个感觉不错, 打算仔细研读一下. 游戏服务器种类繁多, 这边主要是基于状态同步的棋牌类游戏, 适合入门, ^_^ ...

  10. pip install 时报错 pip is configured with locations that require TLS/SSL, however the ssl module in Python is not available.

    pip install 时报错: pip is configured with locations that require TLS/SSL, however the ssl module in Py ...