nginx配置https转http&wss转ws
【摘要】 前言安装软件下载yum -y install gcc pcre pcre-devel zlib zlib-devel openssl openssl-develwget http://nginx.org/download/nginx-1.17.5.tar.gztar -xzvf nginx-1.17.5.tar.gzcd nginx-1.17.5配置nginx./configure --pr...
前言
安装软件
下载
yum -y install gcc pcre pcre-devel zlib zlib-devel openssl openssl-devel wget http://nginx.org/download/nginx-1.17.5.tar.gz tar -xzvf nginx-1.17.5.tar.gzcd nginx-1.17.5
配置nginx
./configure --prefix=/usr/local/nginx --sbin-path=/usr/bin/nginx --with-http_ssl_module --with-http_realip_module --with-http_sub_module --with-stream --with-http_stub_status_module
./configure --help 可以查看配置项说明
完成之后的配置文件见:/usr/local/nginx/conf/nginx.conf,参数配置说明:https://nginx.org/en/docs/configure.html
编译
make && make install
修改配置文件
#user nobody;worker_processes 1;#error_log logs/error.log;#error_log logs/error.log notice;#error_log logs/error.log info;#pid logs/nginx.pid;events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
server{
listen 80;
server_name domain.com; #告诉浏览器有效期内只准用 https 访问
add_header Strict-Transport-Security max-age=15768000; #永久重定向到 https 站点
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl;
server_name domain.com; # 需要准备好证书
ssl_certificate /usr/local/nginx/conf/cr/server.pem;
ssl_certificate_key /usr/local/nginx/conf/cr/server.key;
#ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m; #协议配置
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE; # 转发到http
location / {
proxy_pass http://domain.com;
}
} # wss -> ws
server {
listen 82 ssl;
server_name domain.com; # 需要准备好证书
ssl_certificate /usr/local/nginx/conf/cr/server.pem;
ssl_certificate_key /usr/local/nginx/conf/cr/server.key; #ssl_session_cache shared:SSL:1m;
# ssl_session_timeout 5m;
#协议配置
# ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_protocols SSLv3 SSLv2 TLSv1 TLSv1.1 TLSv1.2;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 10m;
ssl_prefer_server_ciphers on; # ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
# 转发到http
location / { # 转发ws地址
proxy_pass http://10.1.1.23:82;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade; #由于服务器端源码(建议大家做好大小写匹配)只匹配了"Upgrade"字符串,所以如果这里填"upgrade"服务器端会将这条http请求当成普通的请求,导致websocket握手失败
proxy_set_header Connection "Upgrade";
proxy_set_header Remote_addr $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_read_timeout 600s;
}
}
}
重启生效
nginx -s reload
【版权声明】本文为华为云社区用户原创内容,转载时必须标注文章的来源(华为云社区)、文章链接、文章作者等基本信息, 否则作者和本社区有权追究责任。如果您发现本社区中有涉嫌抄袭的内容,欢迎发送邮件进行举报,并提供相关证据,一经查实,本社区将立刻删除涉嫌侵权内容,举报邮箱:
cloudbbs@huaweicloud.com
- 点赞
- 收藏
- 关注作者
评论(0)