腾讯云配置证书

作者: 明明就_c565 | 来源:发表于2022-08-12 16:15 被阅读0次

免费获取证书

下载证书

下载侯上传至服务器解压

将crt和key文件拷贝到nginx配置网站目录

nginx配置

安装nginx

yun install nginx -y

nginx配置server如下

将 80 443端口请求对应api转到后端对应得微服务可能在本地也可能在其他主机或虚拟机

参考项目nginx配置如下

upstream websocket {

server 192.118.60.88:33305; # Websocket服务地址

}

server {

listen 192.118.60.88::8000;

listen 192.118.60.88::443 ssl;

listen 192.118.60.88::4433 ssl;

proxy_set_header X-Real-IP $remote_addr;

proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

ssl_certificate /root/ssl/server.crt;

ssl_certificate_key /root/ssl/server.key;

ssl_session_cache shared:SSL:10m;

ssl_session_timeout 5m;

ssl_protocols TLSv1.2;

ssl_ciphers HIGH:!aNULL:!eNULL:!SSLv2:!SSLv3:!ECDHE-RSA-AES256-SHA384:!AES256-SHA256:!ECDHE-RSA-AES128-SHA256:!AES128-SHA256;

ssl_prefer_server_ciphers on;

proxy_connect_timeout 60000;

proxy_send_timeout 60000;

proxy_read_timeout 60000;

underscores_in_headers on;

gzip on;

gzip_min_length 1k;

gzip_buffers 4 16k;

gzip_http_version 1.0;

gzip_comp_level 2;

gzip_types text/plain application/x-javascript text/css application/xml text/javascript application/x-httpd-php image/jpeg image/gif image/png;

gzip_vary off;

gzip_disable "MSIE [1-6]\.";

root /opt/haihe/front/dist/front/static;

index index.html index.htm;

proxy_request_buffering off;

proxy_buffering off;

client_max_body_size 102400M;

location / {

gzip_static on;

add_header Cache-Control no-store;

try_files $uri $uri/ /index.html;

}

location ^~ /files/book/ {

gzip_static on;

expires max;

add_header Cache-Control public;

# root /opt/haihe/front/dist/;

}

location ~ .*/vapp/.*\.(png|ico)$ {

autoindex on;

autoindex_exact_size off;

autoindex_localtime on;

root /upload/packages/;

}

location ~* \.(gif|jpg|svg|jpeg|png|css|js|ico|mp3|MP3|tmpl)$ {

gzip_static on;

expires max;

add_header Cache-Control public;

root /opt/haihe/front/dist/;

}

location ^~ /workers/ {

root /opt/haihe/front/dist/front/static/;

}

location ~* \.(eot|svg|ttf|woff|woff2)$ {

gzip_static on;

expires max;

add_header Cache-Control no-store;

root /opt/haihe/front/dist/;

}

location ~* \.(msi|rar|mp3|MP3)$ {

gzip_static on;

expires max;

add_header Cache-Control public;

}

location ^~ /websocket {

proxy_pass http://websocket;

proxy_redirect off;

proxy_set_header X-Real-IP $remote_addr;

proxy_set_header Host $host;

proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

proxy_http_version 1.1;

proxy_set_header Upgrade $http_upgrade;

proxy_set_header Connection "upgrade";

}

location /api/ {

proxy_pass http://view-server:33601/; # view-server配置在hosts文件

}

location /uploadUpgradeFile {

proxy_pass http://view-server:33601/terminal-pkg/uploadUpgradeFile;

}

location /api/notification/health {

proxy_pass http://view-message:11305/check; # msg check

}

location /healthForCS {

proxy_set_header IsFilterData "True";

proxy_pass http://view-server:33601/profile/healthForCS;

}

location /listLicenseForCS {

proxy_pass http://view-server:33601/license/listLicenseForCS;

}

location /uploadImage {

proxy_ssl_verify off;

proxy_set_header Host $host;

proxy_set_header X-Real-IP $remote_addr;

proxy_set_header REMOTE-HOST $remote_addr;

proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

set $flag 0;

set $upload_method POST;

if ($http_x_zone_ip != '') {

set $flag upload;

}

if ($http_x_iaas_type = 'OSTACKP') {

set $flag "${flag}OSTACKP";

}

if ($flag = "upload") {

proxy_pass https://$http_x_zone_ip/uploadapi/uploadImageByHttp;

}

if ($flag = "uploadOSTACKP") {

set $upload_method PUT;

proxy_pass http://$http_x_zone_ip$http_x_image_url;

}

proxy_method $upload_method;

}

location /files/ {

#autoindex on;

autoindex_exact_size off;

autoindex_localtime on;

root /upload/packages/;

}

server {

listen 127.0.0.1:33602;

proxy_send_timeout 600;

proxy_read_timeout 600;

proxy_connect_timeout 600;

client_max_body_size 500M;

location /files/ {

#autoindex on;

autoindex_exact_size off;

autoindex_localtime on;

root /upload/packages/;

}

server {

listen 192.118.60.88:80;

rewrite ^ https://$host:33609$request_uri? permanent;

}

server {

listen 192.118.60.88:11609 ssl;

proxy_set_header X-Real-IP $remote_addr;

proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

ssl_certificate /root/ssl/server.crt;

ssl_certificate_key /root/ssl/server.key;

ssl_session_cache shared:SSL:10m;

ssl_session_timeout 5m;

ssl_protocols TLSv1.2;

ssl_ciphers HIGH:!aNULL:!eNULL:!SSLv2:!SSLv3:!ECDHE-RSA-AES256-SHA384:!AES256-SHA256:!ECDHE-RSA-AES128-SHA256:!AES128-SHA256;

ssl_prefer_server_ciphers on;

proxy_connect_timeout 600;

proxy_send_timeout 600;

proxy_read_timeout 600;

gzip on;

gzip_min_length 1k;

gzip_buffers 4 16k;

gzip_http_version 1.0;

gzip_comp_level 2;

gzip_types text/plain application/x-javascript text/css application/xml text/javascript application/x-httpd-php image/jpeg image/gif image/png;

gzip_vary off;

gzip_disable "MSIE [1-6]\.";

root /opt/haihe/front/dist/downloadPortal;

index index.html index.htm;

proxy_request_buffering off;

proxy_buffering off;

client_max_body_size 300M;

location / {

gzip_static on;

add_header Cache-Control no-store;

try_files $uri $uri/ /index.html;

}

location /api/ {

proxy_pass http://view-server:33601/;

}

location /files/ {

#autoindex on;

autoindex_exact_size off;

autoindex_localtime on;

add_header Access-Control-Allow-Origin *;

add_header Access-Control-Allow-Credentials true;

root /upload/packages/;

}

参考：

https://blog.csdn.net/efew212efe/article/details/124045429

网友评论

本文标题：腾讯云配置证书

本文链接：https://www.haomeiwen.com/subject/gczxgrtx.html

延伸阅读

深度阅读

您也可以注册成为美文阅读网的作者，发表您的原创作品、分享您的心情！

腾讯云配置证书

下载证书

nginx配置

相关文章

网友评论

延伸阅读

深度阅读

栏目导航

热点阅读