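After a project has been developed and is deployed to a server, we usually configure Nginx as a reverse proxy and enable HTTPS with a domain certificate, so that traffic is encrypted. This guide walks through configuring the domain and certificate in Nginx.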
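Environment preparation
Prepare a domain: have one ready in advance or register a new one, and point its DNS record at the server where the project is deployed. Download the certificate in the Nginx format. I use Alibaba Cloud here, where one domain can apply for 20 free certificates (recommended).
For deploying the front-end and back-end projects, see this article: A Hands-On Guide to Deploying a Front-End/Back-End Separated Project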
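Upload the certificate
Create a folder named ssl under the Nginx installation directory. The certificate is downloaded as a zip archive; upload it, extract it, and point the certificate paths in the configuration at that directory.
Some servers do not have the zip and unzip packages and commands installed. If so, run the following one-line command: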

    yum install -y zip unzip

Configure SSL and the certificate
SSL configuration notes: change the port in listen and the domain in server_name.

    # HTTPS port; this server is the default for the address
    listen 443 ssl default_server;
    server_name xxxxx.top;

    # Certificate chain and private key
    ssl_certificate     /data/nginx/ssl/sjy.pem;
    ssl_certificate_key /data/nginx/ssl/sjy.key;

    ssl_session_cache   shared:SSL:1m;
    ssl_session_timeout 5m;

    # SSLv2/SSLv3 and TLS 1.0/1.1 are broken or deprecated, so only TLS 1.2 and 1.3 are enabled.
    # TLSv1.3 needs nginx 1.13.0+ built against OpenSSL 1.1.1+.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;

Complete Nginx configuration
This can be used as is; just change the file paths to match your environment.

    # Worker processes run as root here; a dedicated unprivileged account with
    # read access to the web root is the safer choice.
    user root;
    worker_processes auto;

    events {
        worker_connections 1024;
    }

    http {
        include           mime.types;
        default_type      application/octet-stream;
        sendfile          on;
        keepalive_timeout 65;

        # gzip compression
        gzip on;
        gzip_min_length 1k;
        gzip_buffers 16 64K;
        gzip_http_version 1.1;
        gzip_comp_level 5;
        gzip_types text/plain application/x-javascript text/css application/xml application/javascript;
        gzip_vary on;
        gzip_disable "MSIE [1-6]\.";

        # HTTP: redirect everything to HTTPS
        server {
            listen 80;
            server_name xxxxx.com;
            # A server-level rewrite with "permanent" answers every request with a 301,
            # so the location blocks below are never reached.
            rewrite ^(.*) https://$server_name$1 permanent;
            charset utf-8;

            location / {
                root /data/pro/front/ruoyi-ui;
                try_files $uri $uri/ /index.html;
                index index.html index.htm;
            }

            location /prod-api/ {
                proxy_set_header Host $http_host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header REMOTE-HOST $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_pass http://localhost:8080/;
            }

            error_page 500 502 503 504 /50x.html;
            location = /50x.html {
                root html;
            }
        }

        # HTTPS: static front end plus reverse proxy to the back end
        server {
            listen 443 ssl default_server;
            server_name xxxxx.com;
            charset utf-8;

            ssl_certificate     /data/nginx/ssl/sjy.pem;
            ssl_certificate_key /data/nginx/ssl/sjy.key;
            ssl_session_cache   shared:SSL:1m;
            ssl_session_timeout 5m;
            # SSLv2/SSLv3 and TLS 1.0/1.1 are broken or deprecated, so only TLS 1.2 and 1.3 are enabled.
            # TLSv1.3 needs nginx 1.13.0+ built against OpenSSL 1.1.1+.
            ssl_protocols TLSv1.2 TLSv1.3;
            ssl_prefer_server_ciphers on;
            ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;

            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;

            location / {
                root /data/pro/front/ruoyi-ui;
                try_files $uri $uri/ /index.html;
                index index.html index.htm;
            }

            location /prod-api/ {
                # proxy_set_header is inherited from the server level only when a
                # location defines none of its own, so X-Forwarded-Proto is repeated here.
                proxy_set_header Host $http_host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header REMOTE-HOST $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-Forwarded-Proto $scheme;
                proxy_pass http://localhost:8080/;
            }

            error_page 500 502 503 504 /50x.html;
            location = /50x.html {
                root html;
            }
        }
    }

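After replacing the configuration, reload the nginx.conf configuration file. If the site opens normally in the browser, the configuration is working.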
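
Two problems are easy to leave in an Nginx TLS configuration like this one: deprecated protocol names in ssl_protocols, and a location whose own proxy_set_header lines silently drop headers set at the server level. The following audit checks for both. It is an added example, not part of the original article; the function names, the simplified parser and the sample configuration are constructed for illustration.

```python
import re

DEPRECATED = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}  # no longer safe to enable

def parse(text):
    """Simplified nginx parser: nested (words, children) tuples; no quoted ; { } #."""
    stack = [[]]
    for body, end in re.findall(r"([^;{}]*)([;{}])", re.sub(r"#[^\n]*", "", text)):
        words = body.split()
        if end == "{":
            stack[-1].append((words, []))
            stack.append(stack[-1][-1][1])
        elif end == "}" and len(stack) > 1:
            stack.pop()
        elif end == ";" and words:
            stack[-1].append((words, None))
    return stack[0]

def audit(text):
    """Report deprecated ssl_protocols values and lost proxy_set_header inheritance."""
    findings = []
    def walk(nodes, inherited, path):
        own = {w[1] for w, kids in nodes
               if kids is None and len(w) > 2 and w[0] == "proxy_set_header"}
        # nginx inherits proxy_set_header only when the current level defines none.
        if own and inherited - own:
            lost = " ".join(sorted(inherited - own))
            findings.append(f"{path}: own proxy_set_header drops inherited {lost}")
        for w, kids in nodes:
            if kids is not None:
                walk(kids, own or inherited, f"{path} > {' '.join(w)}")
            elif w[0] == "ssl_protocols" and DEPRECATED.intersection(w[1:]):
                weak = " ".join(sorted(DEPRECATED.intersection(w[1:])))
                findings.append(f"{path}: ssl_protocols enables {weak}")
    walk(parse(text), set(), "main")
    return findings

# Constructed sample modelled on a 443 server block; values are illustrative.
SAMPLE = """http { server {
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2 SSLv2 SSLv3;
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-Proto $scheme;
    location /prod-api/ {
        proxy_set_header Host $http_host;
        proxy_pass http://localhost:8080/;
    }
} }
"""
print("\n".join(audit(SAMPLE)))
```

To check a deployed server, pass the text of its nginx.conf to audit(); included files are not followed by this simplified parser.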
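Common Nginx commands

    cd /data/nginx/sbin
    ./nginx                # start Nginx
    ./nginx -s stop        # fast shutdown
    ./nginx -s quit        # graceful shutdown
    ./nginx -s reload      # reload the configuration
    ./nginx -h             # show help
    ./nginx -t -c /data/nginx/conf/nginx.conf   # test the given configuration file
    ps aux | grep nginx    # list Nginx processes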