使用https代替http
1、http模式下nginx配置
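# Backend pool for the Django application: nginx forwards requests to the
# uwsgi-protocol listener on the loopback address.
upstream django {
    server 127.0.0.1:9090;
}

# Plain-HTTP virtual host. Everything served here, including login forms and
# session cookies, travels unencrypted; the HTTPS variants below replace it.
server {
    listen 80;
    server_name localhost;
    charset utf-8;

    # NOTE(review): logs and content live under /root. nginx worker processes
    # normally run as an unprivileged user that cannot read /root, so this
    # layout tends to push people into running workers as root or loosening
    # /root permissions. Prefer a dedicated directory outside /root.
    access_log /root/xxx/logs/nginx_access.log;
    error_log /root/xxx/logs/nginx_error.log;

    # Upper bound on request bodies (uploads).
    client_max_body_size 80m;

    location / {
        include /etc/nginx/uwsgi_params;
        uwsgi_pass django;
    }

    # Trailing slashes on both the prefix and the alias keep the mapping
    # confined to this directory. Without them, "location /static" also
    # matches any URI that merely starts with "/static", and the remainder is
    # appended to the alias path, which can resolve to sibling files or
    # directories whose names share the same prefix.
    location /static/ {
        alias /root/scanweb/collectstatic/;
    }

    # NOTE(review): presumably this directory holds user-uploaded files. They
    # are served from the same origin as the application, so upload type
    # validation on the Django side matters; confirm it is in place.
    location /upload/ {
        alias /root/scanweb/files/;
    }
}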
2、https模式下nginx配置
注意:需要防火墙开放443端口
在server块中添加以下内容(同时把 listen 80 改为 listen 443 ssl):
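# TLS is enabled per listening socket with the "ssl" parameter of "listen".
# The standalone "ssl on;" directive is deprecated since nginx 1.15.0 and was
# removed in 1.25.1, where it makes the configuration fail to load.
listen 443 ssl;
ssl_certificate /root/CHSmpSrc/keycer/certificate.crt;  # path to the certificate file
# Path to the private key file. Keep it readable by root only (for example
# mode 600); the nginx master process reads it before workers drop privileges.
ssl_certificate_key /root/CHSmpSrc/keycer/private.key;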
完整示例:
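# Backend pool for the Django application: nginx forwards requests to the
# uwsgi-protocol listener on the loopback address.
upstream django {
    server 127.0.0.1:9090;
}

# HTTPS virtual host.
server {
    # The "ssl" parameter enables TLS on this socket. The separate "ssl on;"
    # directive is dropped: it is deprecated since nginx 1.15.0 and removed in
    # 1.25.1, where it prevents the configuration from loading.
    listen 443 ssl;

    ssl_certificate /root/CHSmpSrc/keycer/certificate.crt;  # path to the certificate file
    # Path to the private key file. Keep it readable by root only (for example
    # mode 600); the nginx master process reads it before workers drop privileges.
    ssl_certificate_key /root/CHSmpSrc/keycer/private.key;

    # Restrict negotiation to current protocol versions; older nginx defaults
    # still allow TLSv1 and TLSv1.1. TLSv1.3 takes effect only when nginx is
    # built against OpenSSL 1.1.1 or newer.
    ssl_protocols TLSv1.2 TLSv1.3;

    server_name localhost;
    charset utf-8;

    # NOTE(review): logs and content live under /root, which unprivileged
    # nginx workers normally cannot read. Prefer a dedicated directory outside
    # /root over running workers as root or loosening /root permissions.
    access_log /root/xxx/logs/nginx_access.log;
    error_log /root/xxx/logs/nginx_error.log;

    # Upper bound on request bodies (uploads).
    client_max_body_size 80M;

    # Trailing slashes on both the prefix and the alias keep the mapping
    # confined to this directory. Without them, "location /media" also matches
    # any URI that merely starts with "/media", and the remainder is appended
    # to the alias path, which can resolve to sibling paths sharing the prefix.
    location /media/ {
        alias /root/CHSmpSrc/smpauthensrc/media/;
    }

    location / {
        include /etc/nginx/uwsgi_params;
        uwsgi_pass django;
    }
}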
3、使80端口的http请求永久地重定向至https(既开放80端口又开放443端口)
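# Backend pool for the Django application: nginx forwards requests to the
# uwsgi-protocol listener on the loopback address.
upstream django {
    server 127.0.0.1:9090;
}

# HTTPS virtual host that serves the application.
server {
    # The "ssl" parameter enables TLS on this socket. The separate "ssl on;"
    # directive is dropped: it is deprecated since nginx 1.15.0 and removed in
    # 1.25.1, where it prevents the configuration from loading.
    listen 443 ssl;
    server_name localhost;
    access_log /data/xxx/access.log;
    keepalive_timeout 60;

    # Certificate paths; adjust to the actual deployment.
    ssl_certificate /root/CHSmpSrc/keycer/certificate.crt;  # path to the certificate file
    # Path to the private key file. Keep it readable by root only (for example
    # mode 600); the nginx master process reads it before workers drop privileges.
    ssl_certificate_key /root/CHSmpSrc/keycer/private.key;

    # Restrict negotiation to current protocol versions; older nginx defaults
    # still allow TLSv1 and TLSv1.1. TLSv1.3 takes effect only when nginx is
    # built against OpenSSL 1.1.1 or newer.
    ssl_protocols TLSv1.2 TLSv1.3;

    # TLS session cache shared between worker processes, and session lifetime.
    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout 5m;

    # Hide the nginx version in the Server header and on error pages. This
    # only reduces information disclosure; it does not fix a vulnerable
    # version, so keeping nginx patched is still required.
    server_tokens off;

    # The port-80 redirect below protects a visit only after the first
    # plain-HTTP request has been sent. Once HTTPS is confirmed working with a
    # publicly trusted certificate on the real domain, consider enabling HSTS
    # so browsers go straight to HTTPS:
    # add_header Strict-Transport-Security "max-age=31536000" always;

    location / {
        include /etc/nginx/uwsgi_params;
        uwsgi_pass django;
    }
}

# Port-80 virtual host whose only job is to redirect to HTTPS.
server {
    listen 80;
    server_name localhost;

    # Permanent redirect of every HTTP request to the same URI over HTTPS.
    # NOTE(review): $host reflects the client-supplied Host header, so the
    # redirect target is attacker-influenced when this block answers for
    # arbitrary host names. In a real deployment set server_name to the actual
    # domain and let a separate default_server reject unknown Host values.
    return 301 https://$host$request_uri;
}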