http默然端口:80
https默然端口:443
301 redirect: 301 代表永久性转移(Permanently Moved)
302 redirect: 302 代表暂时性转移(Temporarily Moved )
ubuntu 写shell用 #!/bin/bash
centos 写shell用 #!/bin/sh
1、首先要有nginx
2、生成证书
#1.创建服务器证书密钥文件 server.key:
openssl genrsa -des3 -out server.key 1024
#2.创建服务器证书的申请文件 server.csr
openssl req -new -key server.key -out server.csr
#3.备份一份服务器密钥文件
mv server.key server.origin.key
#4.去除文件口令
openssl rsa -in server.origin.key -out server.key
#5.生成证书文件server.crt
openssl x509 -req -days 3650 -in server.csr -signkey server.key -out server.crt
echo "Copy server.crt to /etc/nginx/ssl/server.crt"
echo "Copy server.key to /etc/nginx/ssl/server.key"
echo "Add configuration in nginx:"
echo "server {"
echo " ..."
echo " listen 443 ssl;"
echo " ssl_certificate /etc/nginx/ssl/server.crt;"
echo " ssl_certificate_key /etc/nginx/ssl/server.key;"
echo "}"
3、可参考:http://www.cnblogs.com/jingxiaoniu/p/6745254.html
4、生成完证书后,且拷贝到相应目录下后,配置nginx下的配置文件即可
upstream webservice{
ip_hash;
server 127.0.0.1:80001;
server xx.xx.xx.xx:80001;
#这里设置负载均衡
}
upstream fish{
ip_hash;
server 127.0.0.1:80002;
}
server {
listen 80 default_server;
#rewrite https://www.baidu.com/$request_uri permanent;
return 301 https://xxx$request_uri;
}
server {
listen 443 ssl;
ssl_certificate /etc/nginx/ssl/server.crt;
ssl_certificate_key /etc/nginx/ssl/server.key;
root /xx/xx;
index index.php index.html index.htm;
server_name localhost;
location / {
root /xx/xx/server/Web;
index index.html;
}
location /admin {
alias /xx/xx/server/admin/app/;
index index.html;
}
location ~ \.php$ {
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
}
location ~* /abc/w/(webservice|fish) {
proxy_pass https://$1;
proxy_redirect off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header User-Agent $http_user_agent;
proxy_set_header Host $host;
#proxy_ssl on;
proxy_ssl_certificate /etc/nginx/ssl/server.crt;
proxy_ssl_certificate_key /etc/nginx/ssl/server.key;
#proxy_ssl_verify on;
proxy_ssl_session_reuse on;
}
}
5、重启nginx即可
网友评论