Nginx配置ssl

nginx配置ssl实现https加密,主要是配置nginx.conf

1.编辑nginx.conf

vi /usr/local/nginx/sbin/nginx.conf 

2.找到你要配置的server，按以下结构编辑(http会强制转换https)。

server { listen 80; listen 443 ssl; server_name www.demo.com demo.com; ssl_certificate /usr/local/ssl/demo.crt; ssl_certificate_key /usr/local/ssl/demo.key; ssl_session_cache shared:SSL:1m; ssl_session_timeout 5m; ssl_ciphers HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on; if ($server_port = 80 ) { return 301 https://$host$request_uri; } proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header REMOTE-HOST $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; location / { proxy_pass http://127.0.0.1:8080; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header REMOTE-HOST $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } #让http请求重定向到https请求 error_page 497 https://$host$request_uri; error_page 500 502 503 504 /50x.html; location = /50x.html { root html; } } 

1.listen:端口号（http默认80），而https则是443 ssl

2.server_name:你要配置的域名（默认localhost）

3.ssl_certificate 和ssl_certificate_key则是你的域名相关的证书和秘钥

4.location / 要匹配的路径，/全路径，proxy_pass 是跳转的地址（localhost可能解析不了，可以写成127.0.0.1）