本文共 3279 字,大约阅读时间需要 10 分钟。
1)检查 Nginx 是否支持 SSL/usr/local/nginx/sbin/nginx -Vconfigure arguments中是否有--with-http_ssl_module如:nginx version: nginx/1.13.4built by gcc 4.8.5 20150623 (Red Hat 4.8.5-16) (GCC)built with OpenSSL 1.0.2k-fips 26 Jan 2017TLS SNI support enabledconfigure arguments: --with-http_ssl_module2) 若不支持,为nginx添加SSL 模块进入nginx安装目录执行:./configure --with-http_ssl_module 然后,注意不要make installmake3)备份原 Nginx 执行脚本mv /usr/local/nginx/sbin/nginx /usr/local/nginx/sbin/nginx.old4)将新版本 Nginx 编译脚本放到可执行文件目录下cd objs/ cp nginx /usr/local/nginx/sbin/5)进行平滑升级make upgrade再次检查是否安装成功:/usr/local/nginx/sbin/nginx -V
server { listen 443 ssl;# https默认是443,可以改为其他端口,但是前台访问是需要用域名:端口 server_name 自己的域名; ssl_certificate cert/4290183_.pem(自己的文件,申请证书后下载解压后的文件); ssl_certificate_key cert/4290183_.key(自己的文件,申请证书后下载解压后的文件); ssl_session_cache shared:SSL:1m; ssl_session_timeout 5m; ssl_ciphers HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on; location / { #root html; #index index.html index.htm; root /opt/web/itsm/dist/; try_files $uri /index.html = 404; } location /api { proxy_redirect off; proxy_set_header Host $host:443; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_pass https://自己的域名:6029; proxy_buffer_size 64k; proxy_buffers 4 32k; proxy_busy_buffers_size 64k; proxy_temp_file_write_size 64k; proxy_ignore_client_abort on; proxy_connect_timeout 150s; proxy_send_timeout 150s; proxy_read_timeout 150s; } location /api/wss { proxy_pass http://自己的域名:6029; proxy_next_upstream error timeout invalid_header http_500 http_502 http_503; proxy_set_header Host $host; proxy_http_version 1.1; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto https; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_set_header Origin ""; proxy_redirect off; proxy_read_timeout 600s; } }
server.xml文件中需要修改如下配置
web.xml中配置添加如下信息(可选)
CLIENT-CERT Client Cert Users-only Area SSL /* CONFIDENTIAL
转载地址:http://ggcrn.baihongyu.com/