https://portal.qiniu.com/certificate/ssl
nginx配置:
# https
server {
listen 443 ssl;
server_name chat.xutongbao.top;
# 付费
ssl_certificate /temp/ssl/chat.xutongbao.top/chat.xutongbao.top_cert_chain.pem; # nginx的ssl证书文件
ssl_certificate_key /temp/ssl/chat.xutongbao.top/chat.xutongbao.top_key.key; # nginx的ssl证书验证密码
# 免费
# ssl_certificate /temp/ssl/cersign/chat.xutongbao.top/chat.xutongbao.top.crt; # nginx的ssl证书文件
# ssl_certificate_key /temp/ssl/cersign/chat.xutongbao.top/chat.xutongbao.top_rsa.key; # nginx的ssl证书验证密码
proxy_send_timeout 6000s; # 设置发送超时时间,
proxy_read_timeout 6000s; # 设置读取超时时间。
#配置根目录
location / {
root /temp/yuying;
index index.html index.htm;
add_header Content-Security-Policy upgrade-insecure-requests;
}
location /api/ {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header REMOTE-HOST $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-NginX-Proxy true;
proxy_set_header Connection '';
proxy_http_version 1.1;
chunked_transfer_encoding off;
proxy_buffering off;
proxy_cache off;
proxy_pass http://yuying-api.xutongbao.top;
}
location /socket.io/ {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header REMOTE-HOST $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://127.0.0.1:84;
# 关键配置 start
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
# 关键配置 end
}
# 匹配sslCnd开头的请求,实际转发的请求去掉多余的sslCnd这三个字母
location ^~/sslCnd/ {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header REMOTE-HOST $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://cdn.xutongbao.top/;
}
}