  • nginx 配置http和https验证

    申请SSL证书

    在腾讯云申请

     申请成功后下载到本地,上传到服务器上

    nginx配置

    假设项目名称为flask_demo

    vim /etc/nginx/nginx.conf

    # Top-level http context: MIME types, access-log format, and the include
    # that pulls in the flask_demo virtual host.
    http {
        include       /etc/nginx/mime.types;
        default_type  application/octet-stream;
    
        # "main" access-log format. $http_x_forwarded_for is copied verbatim
        # from a client-supplied request header, so treat that field as
        # untrusted when the logs are used for investigation or alerting.
        log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                          '$status $body_bytes_sent "$http_referer" '
                          '"$http_user_agent" "$http_x_forwarded_for"';
    
        access_log  /var/log/nginx/access.log  main;
    
        sendfile        on;
        #tcp_nopush     on;
    
        keepalive_timeout  65;
    
        #gzip  on;
    
        # The stock conf.d include is disabled, so the only virtual host
        # loaded is the one named explicitly below.
        #include /etc/nginx/conf.d/*.conf;
        # Added: per-project configuration file
        include /etc/nginx/demo.d/flask_demo.conf;
    }

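    把证书文件和私钥文件拷贝到demo.d文件夹中(即 /etc/nginx/demo.d/,下面配置里的相对路径 demo.d/... 是相对于 nginx 配置目录解析的)。私钥文件应只允许 root 读取(例如权限设为 600),不要放在可被 Web 访问的目录下。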

    flask_demo配置

    监听http和https两个端口

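    # Virtual host that serves the flask_demo application on both plain
    # HTTP (port 80) and HTTPS (port 443) and hands requests to uWSGI.
    # NOTE(review): because port 80 serves the same content, cookies and
    # credentials can still travel unencrypted; prefer redirecting port 80
    # to HTTPS once the certificate is confirmed working.
    server {
            listen 80 default backlog=2048;
            listen 443 ssl;
            server_name xx.xx.cn; # replace with your own domain
            # Certificate bundle (path is relative to the nginx config directory)
            ssl_certificate demo.d/1_xx.xx.cn_bundle.crt; # replace with your own certificate
            # Private key; keep it readable by root only
            ssl_certificate_key demo.d/xx.xx.cn.key;
            ssl_session_timeout 5m;
            # Forward-secret AEAD suites only. The previous list ended in
            # "AES:HIGH", which also admits static-RSA key exchange and CBC suites.
            ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
            # TLS 1.0 and 1.1 are deprecated (RFC 8996) and were removed here.
            # TLSv1.3 needs nginx >= 1.13.0 built against OpenSSL >= 1.1.1;
            # drop that parameter on older builds.
            ssl_protocols TLSv1.2 TLSv1.3;
            ssl_prefer_server_ciphers on;

            charset UTF-8;
            access_log      /var/log/nginx/myweb_access.log;
            error_log       /var/log/nginx/myweb_error.log;

            # Upper bound on request bodies; size it to the largest upload the
            # application really accepts, since every client may send this much.
            client_max_body_size 75M;

            # Serve an existing file if there is one, otherwise pass to the app.
            location / {
                    try_files $uri @yourapplication1;
            }

            location @yourapplication1 {
                    include uwsgi_params;
                    # NOTE(review): the socket lives under a home directory; make
                    # sure only the nginx and uWSGI users can connect to it.
                    uwsgi_pass unix:/home/ubuntu/data/www/logs/demo.sock;
                    # A 30-minute read timeout lets slow upstream requests hold
                    # worker connections for a long time - confirm it is needed.
                    uwsgi_read_timeout 1800;
                    uwsgi_send_timeout 300;
            }
    }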

    如果http访问的时候,报错如下:

    400 Bad Request
    The plain HTTP request was sent to HTTPS port. Sorry for the inconvenience.
    ……
     
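    原因可能是http的请求被发送到了启用SSL的端口上,所以才会出现这样的问题。如果server块里写了 ssl on;,该server的所有监听端口(包括80)都会要求SSL,明文HTTP请求就会被拒绝。
    把ssl on;这行去掉,只在 listen 443 ssl; 上启用SSL(上面的配置已经是这种写法)。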

    验证

    https:

     http:

    HTTP 自动跳转 HTTPS 的安全配置

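    # HTTPS-only virtual host for the flask_demo application; the plain-HTTP
    # listener is disabled here so port 80 can be handled by a redirect.
    server {
            #listen 80 default backlog=2048;
            listen 443 ssl;
            server_name xx.xx.cn;
            # Certificate bundle (path is relative to the nginx config directory)
            ssl_certificate demo.d/1_xx.cn_bundle.crt;
            # Private key; keep it readable by root only
            ssl_certificate_key demo.d/2_xx.cn.key;
            ssl_session_timeout 5m;
            # Forward-secret AEAD suites only. The previous list ended in
            # "AES:HIGH", which also admits static-RSA key exchange and CBC suites.
            ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
            # TLS 1.0 and 1.1 are deprecated (RFC 8996) and were removed here.
            # TLSv1.3 needs nginx >= 1.13.0 built against OpenSSL >= 1.1.1;
            # drop that parameter on older builds.
            ssl_protocols TLSv1.2 TLSv1.3;
            ssl_prefer_server_ciphers on;

            # A redirect alone does not protect the first plain-HTTP request.
            # Once HTTPS is confirmed working, enable HSTS so browsers stop
            # trying http:// at all (they remember this for max-age seconds).
            #add_header Strict-Transport-Security "max-age=31536000" always;

            charset UTF-8;
            access_log      /var/log/nginx/myweb_access.log;
            error_log       /var/log/nginx/myweb_error.log;

            # Upper bound on request bodies; size it to the largest upload the
            # application really accepts, since every client may send this much.
            client_max_body_size 75M;

            # Serve an existing file if there is one, otherwise pass to the app.
            location / {
                    try_files $uri @yourapplication1;
            }

            location @yourapplication1 {
                    include uwsgi_params;
                    # NOTE(review): the socket lives under a home directory; make
                    # sure only the nginx and uWSGI users can connect to it.
                    uwsgi_pass unix:/home/ubuntu/data/www/logs/demo.sock;
                    # A 30-minute read timeout lets slow upstream requests hold
                    # worker connections for a long time - confirm it is needed.
                    uwsgi_read_timeout 1800;
                    uwsgi_send_timeout 300;
            }
    }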
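    # Plain-HTTP listener whose only job is to send clients to HTTPS.
    server {
            listen 80;
            server_name xx.cn; # replace with your own domain
            # Permanent (301) redirect to the HTTPS site. "return" with
            # $request_uri forwards the original path and query string without
            # evaluating a regex on every request. The target host is fixed
            # rather than taken from the Host header, so a forged Host cannot
            # steer the redirect elsewhere.
            # NOTE(review): the target host must match the server_name and
            # certificate of the HTTPS server block - verify the real domain
            # used in place of these placeholders.
            return 301 https://xx.cn$request_uri;
    }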

     验证:

     

  • 原文地址:https://www.cnblogs.com/xiao-apple36/p/12723902.html