期望:http://访问自动跳转https://,/项目名字/,进行springboot项目转发,其它,访问静态资源
1.获取密钥及证书(自造)
openssl req -new -nodes -newkey rsa:2048 -keyout server.key -out server.csr
openssl req -new -x509 -key server.key -out ca.crt -days 3650
openssl x509 -req -days 3650 -in server.csr -CA ca.crt -CAkey server.key -CAcreateserial -out server.crt
server.key 私钥
server.csr Certificate Signing Request 证书签名请求
server.crt CA签名后的最终证书
2.配置nginx.config
首先将私钥server.key和证书server.crt复制到/usr/local/nginx/ssl目录下
server {
listen 80;
server_name localhost;
rewrite ^(.*)$ https://$host$1 permanent;
}
server {
listen 443;
server_name localhost;
ssl on;
ssl_certificate /usr/local/nginx/ssl/server.crt;
ssl_certificate_key /usr/local/nginx/ssl/domain.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
root /home/lv/html;
autoindex on; # 开启目录文件列表
autoindex_exact_size off; # 显示出文件的确切大小,单位是bytes
autoindex_localtime on; # 显示的文件时间为文件的服务器时间
charset utf-8,gbk; # 避免中文乱码
}
location /demo/ {
client_max_body_size 16m;
client_body_buffer_size 128k;
proxy_pass http://localhost:8080/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Port $server_port;
proxy_next_upstream off;
proxy_connect_timeout 30;
proxy_read_timeout 300;
proxy_send_timeout 300;
}
3. springboot 配置
server.tomcat.remote_ip_header=x-forwarded-for
server.tomcat.protocol_header=x-forwarded-proto
server.tomcat.port-header=X-Forwarded-Port
server.use-forward-headers=true
#设置服务器端口
server.port=8080
注意点:nginx配置proxy_pass的端口号8080要和springboot服务器端口号对应上
网友评论