Nginx配置域名+SSL证书生成HTTPS
原创
©著作权归作者所有:来自51CTO博客作者一把杀猪刀的原创作品,请联系作者获取转载授权,否则将追究法律责任
由于公司业务需求,搭建自己公司的APP分发平台,为了显得正规,配个域名以为就完事了,TMMD同样是APP安装包,IOS的ipa包既然不能像安卓的apk直接扔到nginx服务器中直接下载,然后就开始有了接下来的故事!!!
在服务器运营厂商购买域名,使用免费的证书(这个就不额外介绍),将申请的域名绑定服务器IP,window可以cmd,ping一下域名测试一下,通了就往下走,如果是个人申请的需要个人身份信息备案,大概1周左右吧!企业的就不需要备案!
开始进入正轨,废话不多说!!!
开撸!
- docker环境装好
- nginx环境装好
nginx配置(SSL证书需要443端口注意!!!不然启动不生效)
user root;
worker_processes auto;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
#gzip on;
server {
listen 80;
server_name 域名;
rewrite ^(.*)\#(.*)$ $1#$2 redirect;
location / {
index index.html index.htm;
root /usr/share/nginx/html;
}
}
server {
listen 443 ssl;
server_name grey-bear.top;
#ssl on;
#root html;
index index.html index.htm;
ssl_certificate ./cert/证书.pem;
ssl_certificate_key ./cert/证书.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
location / {
index index.html index.htm;
root /usr/share/nginx/html;
}
}
}
nginx启动在docker中启动(注意443、443、443)
docker run -d -p 80:80 -p 443:443 --name nginx80 -v /data/nginx80/www:/usr/share/nginx/html -v /data/nginx80/conf/nginx.conf:/etc/nginx/nginx.conf -v /data/nginx80/cert:/etc/nginx/cert -v /data/nginx80/logs:/var/log/nginx nginx
然后访问https:xxxxxxxx即可
