获取证书
说明
证书的申请推荐阿里云,沃通等平台进行SSL证书购买。
本实例以阿里云为例
点击nginx中的下载进行下载
上传证书
以test.jepaas.com为例
上传证书如下图
解压压缩包
unzip 4044925_test.jepaas.com_nginx.zip解压后如下图
pem证书
4044925_test.jepaas.com.pem
key秘钥
4044925_test.jepaas.com.key
配置证书
本实例的配置路径:
/data/application/openresty/nginx/conf/conf.d/配置文件
jecloud.conf
配置文件内容:
server {
listen 80;
server_name 域名;
rewrite ^ https://$http_host$request_uri? permanent;
}
server {
listen 443 ssl;
server_name 域名;
ssl_certificate /data/application/openresty/nginx/cert/jecloud.net.pem;
ssl_certificate_key /data/application/openresty/nginx/cert/jecloud.net.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
add_header Cache-Control no-cache;
charset utf-8;
#access_log /var/log/nginx/host.access.log main;
#root /data/je-platform/deploy;
#location = / {
# root /data/frontend/jecloud;
# index index.html;
#}
location /je/ {
add_header Access-Control-Allow-Origin *;
add_header Access-Control-Allow-Headers X-Requested-With;
add_header Access-Control-Allow-Methods GET,POST,OPTIONS,HEAD,PUT,DELETE;
proxy_pass http://ip:3050; #改成自己代理的ip
proxy_redirect off;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $http_host;
client_max_body_size 500m;
client_body_buffer_size 256k;
proxy_connect_timeout 1;
proxy_send_timeout 30;
proxy_read_timeout 60;
proxy_buffer_size 256k;
proxy_buffers 4 256k;
proxy_busy_buffers_size 256k;
proxy_temp_file_write_size 256k;
proxy_next_upstream error timeout invalid_header http_500 http_503 http_404;
proxy_max_temp_file_size 128m;
}
location /micro{
add_header Access-Control-Allow-Origin *;
add_header Access-Control-Allow-Headers X-Requested-With;
add_header Access-Control-Allow-Methods GET,POST,OPTIONS,HEAD,PUT,DELETE;
add_header Cache-Control no-store;
rewrite ^/(.*) /$1/index.html last;
# #root /data/frontend/jecloud/micro/cli/;
#index index.html;
}
location /app{
add_header Access-Control-Allow-Origin *;
add_header Access-Control-Allow-Headers X-Requested-With;
add_header Access-Control-Allow-Methods GET,POST,OPTIONS,HEAD,PUT,DELETE;
# add_header Cache-Control no-store;
add_header Cache-Control no-cache;
rewrite ^/(.*) /$1/index.html last;
# #root /data/frontend/jecloud/micro/cli/;
#index index.html;
}
location ~ .*\.(license|wav|js|css|xml|ico|png|jpg|eot|svg|ttf|woff|json|html|js|css|ico|png|jpg|gif|eot|svg|ttf|woff|json|txt|ico|mp4|gz) {
add_header Access-Control-Allow-Origin *;
add_header Access-Control-Allow-Headers X-Requested-With;
add_header Access-Control-Allow-Methods GET,POST,OPTIONS,HEAD,PUT,DELETE;
root /data/frontend/jecloud;
proxy_send_timeout 1000;
proxy_read_timeout 1000;
proxy_buffer_size 256k;
proxy_buffers 8 256k;
proxy_busy_buffers_size 256k;
proxy_temp_file_write_size 256k;
proxy_next_upstream error timeout invalid_header http_500 http_503 http_404;
#proxy_next_upstream_tries 1;
add_header Cache-Control no-cache;
#proxy_max_temp_file_size 128m;
#proxy_cache_valid 200 304 12h;
#proxy_cache_valid 301 302 1d;
#proxy_cache_valid any 1m;
#proxy_cache_key $uri$is_args$args;
#expires 30d;
}
location /jesocket {
proxy_redirect off;
#proxy_buffers 8 32k;
#proxy_buffer_size 64k;
proxy_pass http://ip:7010/jesocket; #代理socket, localhost为jesocket所在服务器ip
proxy_read_timeout 300s;
proxy_send_timeout 300s;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
# proxy_set_header Connection $connection_upgrade;
proxy_request_buffering off;
proxy_buffering off;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
#proxy_set_header X-NginX-Proxy true;
}
}重启openresty服务
systemctl reload openresty验证
输入域名验证
最后编辑: 翟厚翔 文档更新时间: 2025-01-15 16:00 作者:翟厚翔
