期望:http://訪問自動跳轉(zhuǎn)https://,/項目名字/,進行springboot項目轉(zhuǎn)發(fā)粪摘,其它瀑晒,訪問靜態(tài)資源
1.獲取密鑰及證書(自造)
openssl req -new -nodes -newkey rsa:2048 -keyout server.key -out server.csr
openssl req -new -x509 -key server.key -out ca.crt -days 3650
openssl x509 -req -days 3650 -in server.csr -CA ca.crt -CAkey server.key -CAcreateserial -out server.crt
server.key 私鑰
server.csr Certificate Signing Request 證書簽名請求
server.crt CA簽名后的最終證書
2.配置nginx.config
首先將私鑰server.key和證書server.crt復(fù)制到/usr/local/nginx/ssl目錄下
server {
listen 80;
server_name localhost;
rewrite ^(.*)$ https://$host$1 permanent;
}
server {
listen 443;
server_name localhost;
ssl on;
ssl_certificate /usr/local/nginx/ssl/server.crt;
ssl_certificate_key /usr/local/nginx/ssl/domain.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
root /home/lv/html;
autoindex on; # 開啟目錄文件列表
autoindex_exact_size off; # 顯示出文件的確切大小,單位是bytes
autoindex_localtime on; # 顯示的文件時間為文件的服務(wù)器時間
charset utf-8,gbk; # 避免中文亂碼
}
location /demo/ {
client_max_body_size 16m;
client_body_buffer_size 128k;
proxy_pass http://localhost:8080/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Port $server_port;
proxy_next_upstream off;
proxy_connect_timeout 30;
proxy_read_timeout 300;
proxy_send_timeout 300;
}
3. springboot 配置
server.tomcat.remote_ip_header=x-forwarded-for
server.tomcat.protocol_header=x-forwarded-proto
server.tomcat.port-header=X-Forwarded-Port
server.use-forward-headers=true
#設(shè)置服務(wù)器端口
server.port=8080
注意點:nginx配置proxy_pass的端口號8080要和springboot服務(wù)器端口號對應(yīng)上
