1. 查找nginx 的安裝位置:
root@VERDE-SICC-APPLICATION1:/# find / -name 'nginx'
/home/apache/blueview-tomcat/webapps/ROOT/static/vendor/editormd/lib/codemirror/mode/nginx
/etc/default/nginx
/etc/nginx
/etc/logrotate.d/nginx
/etc/init.d/nginx
/etc/ufw/applications.d/nginx
/var/lib/nginx
/var/log/nginx
/usr/lib/nginx
/usr/sbin/nginx
/usr/share/nginx
/usr/share/doc/nginx
root@VERDE-SICC-APPLICATION1:/# find / -name 'nginx.conf'
/etc/nginx/nginx.conf
2. 上傳證書:
root@VERDE-SICC-APPLICATION1:/etc/nginx# ls
conf.d fastcgi_params koi-win modules-available nginx.conf scgi_params sites-enabled uwsgi_params
fastcgi.conf koi-utf mime.types modules-enabled proxy_params sites-available snippets win-utf
root@VERDE-SICC-APPLICATION1:/etc/nginx# mkdir cert
root@VERDE-SICC-APPLICATION1:/etc/nginx# rz
ZMODEM Session started e50
------------------------
Sent 8444101_cloud.hnverde.com_nginx.zip
root@VERDE-SICC-APPLICATION1:/etc/nginx# ls
8444101_cloud.hnverde.com_nginx.zip conf.d fastcgi_params koi-win modules-available nginx.conf scgi_params sites-enabled uwsgi_params
cert fastcgi.conf koi-utf mime.types modules-enabled proxy_params sites-available snippets win-utf
root@VERDE-SICC-APPLICATION1:/etc/nginx#
3. 移動(dòng)證書到 cert 文件夾
root@VERDE-SICC-APPLICATION1:/etc/nginx# mv 8444101_cloud.hnverde.com_nginx.zip cert
root@VERDE-SICC-APPLICATION1:/etc/nginx# ls
cert fastcgi.conf koi-utf mime.types modules-enabled proxy_params sites-available snippets win-utf
conf.d fastcgi_params koi-win modules-available nginx.conf scgi_params sites-enabled uwsgi_params
root@VERDE-SICC-APPLICATION1:/etc/nginx# cd cert
root@VERDE-SICC-APPLICATION1:/etc/nginx/cert# ls
8444101_cloud.hnverde.com_nginx.zip
root@VERDE-SICC-APPLICATION1:/etc/nginx/cert# unzip 8444101_cloud.hnverde.com_nginx.zip
Archive: 8444101_cloud.hnverde.com_nginx.zip
Aliyun Certificate Download
inflating: 8444101_cloud.hnverde.com.pem
inflating: 8444101_cloud.hnverde.com.key
root@VERDE-SICC-APPLICATION1:/etc/nginx/cert# ls
8444101_cloud.hnverde.com.key 8444101_cloud.hnverde.com_nginx.zip 8444101_cloud.hnverde.com.pem
4. 配置
server{
listen 443 ssl;
server_name cloud.hnverde.com;
root /usr/share/nginx/html;
index index.html index.htm;
ssl_certificate cert/8444101_cloud.hnverde.com.pem;
ssl_certificate_key cert/8444101_cloud.hnverde.com.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_prefer_server_ciphers on;
location / {
root /usr/share/nginx/html;
proxy_pass http://cloud.hnverde.com;
index index.html index.htm;
}
location ~ .*.(jpg|jpeg|gif|png|swf|rar|zip|css|js)$ {
proxy_pass http://cloud.hnverde.com;
}
}
5. 完整nginx.conf 配置
user www-data;
worker_processes auto;
pid /run/nginx.pid;
#include /etc/nginx/modules-enabled/*.conf;
events {
worker_connections 768;
# multi_accept on;
}
http{
server{
listen 80;
server_name cloud.hnverde.com;
location / {
root /usr/share/nginx/html;
try_files $uri $uri/ @router;
index index.html;
}
location @router {
rewrite ^.*$ https://$host$1;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
##
# Basic Settings
##
sendfile off;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
# server_tokens off;
# server_names_hash_bucket_size 64;
# server_name_in_redirect off;
include /etc/nginx/mime.types;
default_type application/octet-stream;
##
# SSL Settings
##
listen 443 ssl;
server_name cloud.hnverde.com;
root /usr/share/nginx/html;
index index.html index.htm;
ssl_certificate cert/8444101_cloud.hnverde.com.pem;
ssl_certificate_key cert/8444101_cloud.hnverde.com.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_prefer_server_ciphers on;
##
# Logging Settings
##
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
##
# Gzip Settings
##
gzip on;
# gzip_vary on;
# gzip_proxied any;
# gzip_comp_level 6;
# gzip_buffers 16 8k;
# gzip_http_version 1.1;
# gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
##
# Virtual Host Configs
##
#include /etc/nginx/conf.d/*.conf;
#include /etc/nginx/sites-enabled/*;
}
}
#mail {
# # See sample authentication script at:
# # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
#
# # auth_http localhost/auth.php;
# # pop3_capabilities "TOP" "USER";
# # imap_capabilities "IMAP4rev1" "UIDPLUS";
#
# server {
# listen localhost:110;
# protocol pop3;
# proxy on;
# }
#
# server {
# listen localhost:143;
# protocol imap;
# proxy on;
# }
#}
https.png
6. 前端可以了队他,但是后臺(tái)還不是https 的,所以顯示跨域問題
# 重新加載配置
nginx -s reload
7. 后臺(tái)以轉(zhuǎn)發(fā)方式完成,配置如下
代理轉(zhuǎn)發(fā)過程.png
nginx.conf 配置
user www-data;
worker_processes auto;
pid /run/nginx.pid;
#include /etc/nginx/modules-enabled/*.conf;
events {
worker_connections 768;
# multi_accept on;
}
http{
#server{
# listen 80;
# server_name cloud.****.com;
# location / {
# root /usr/share/nginx/html;
# try_files $uri $uri/ @router;
# index index.html;
# }
#}
server {
listen 80;
#請?zhí)顚懡壎ㄗC書的域名
server_name cloud.***.com;
#把http的域名請求轉(zhuǎn)成https
return 301 https://$host$request_uri;
}
##
# Basic Settings
##
sendfile off;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
# server_tokens off;
# server_names_hash_bucket_size 64;
# server_name_in_redirect off;
include /etc/nginx/mime.types;
default_type application/octet-stream;
server{
##
# SSL Settings
##
listen 443 ssl;
server_name cloud.hnverde.com;
root /usr/share/nginx/html;
index index.html index.htm;
ssl_certificate cert/8444101_cloud.***.com.pem;
ssl_certificate_key cert/8444101_cloud.****.com.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_prefer_server_ciphers on;
location / {
#網(wǎng)站主頁路徑淑蔚。此路徑僅供參考,具體請您按照實(shí)際目錄操作。
#例如炊汹,您的網(wǎng)站主頁在 Nginx 服務(wù)器的 /etc/www 目錄下,則請修改 root 后面的 html 為 /etc/www逃顶。
root /usr/share/nginx/html;
index index.html index.htm;
}
location /api { #后端接口配置
proxy_pass http://120.77.**.**:6557/api; #本機(jī)的9999后端api接口讨便,注意這個(gè)端口是要和yaml文件的端口一致
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
##
# Logging Settings
##
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
##
# Gzip Settings
##
gzip on;
# gzip_vary on;
# gzip_proxied any;
# gzip_comp_level 6;
# gzip_buffers 16 8k;
# gzip_http_version 1.1;
# gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
##
# Virtual Host Configs
##
#include /etc/nginx/conf.d/*.conf;
#include /etc/nginx/sites-enabled/*;
}
}
#mail {
# # See sample authentication script at:
# # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
#
# # auth_http localhost/auth.php;
# # pop3_capabilities "TOP" "USER";
# # imap_capabilities "IMAP4rev1" "UIDPLUS";
#
# server {
# listen localhost:110;
# protocol pop3;
# proxy on;
# }
#
# server {
# listen localhost:143;
# protocol imap;
# proxy on;
# }
#}
8. 訪問地址:
https://120...195:443/api/Login/GetCode
訪問后臺(tái).png
9. 同理,server.js 里面配置也要變:
server.js.2.png
10. 補(bǔ)充以政,項(xiàng)目圖片放在Data目錄下霸褒,所以要在 nginx.conf 加入
location /Data { #獲取后端圖片
proxy_pass http://120.77.144.195:6557/Data; #本機(jī)的9999后端api接口,注意這個(gè)端口是要和yaml文件的端口一致
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
// 同理
location /Log { #后端接口配置
proxy_pass http://120.77.144.195:6557/Log; #本機(jī)的9999后端api接口盈蛮,注意這個(gè)端口是要和yaml文件的端口一致
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location /DownLoad { #后端接口配置
proxy_pass http://120.77.144.195:6557/DownLoad; #本機(jī)的9999后端api接口废菱,注意這個(gè)端口是要和yaml文件的端口一致
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
- 部分頁面 Data 下面的圖片單獨(dú)訪問沒問題,在頁面中訪問就會(huì)跨域(調(diào)用騰訊地圖,并替換底圖的圖片)昙啄,修改如下
location /Data {
add_header 'Access-Control-Allow-Origin' "$http_origin" always;
add_header 'Access-Control-Allow-Credentials' 'true' always;
add_header 'Access-Control-Allow-Methods' 'GET, OPTIONS' always;
add_header 'Access-Control-Allow-Headers' 'Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified- Since,Keep-Alive,Origin,User-Agent,X-Requested-With' always;
#后端接口配置
proxy_pass http://120.77.144.195:6557/Data; #本機(jī)的9999后端api接口穆役,注意這個(gè)端口是要和yaml文件的端口一致
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
- 完整的 nginx.conf 如下:
root@VERDE-SICC-APPLICATION1:~# cat /etc/nginx/nginx.conf
user www-data;
worker_processes auto;
pid /run/nginx.pid;
#include /etc/nginx/modules-enabled/*.conf;
events {
worker_connections 768;
# multi_accept on;
}
http{
#server{
# listen 80;
# server_name cloud.hnverde.com;
# location / {
# root /usr/share/nginx/html;
# try_files $uri $uri/ @router;
# index index.html;
# }
#}
server {
listen 80;
#請?zhí)顚懡壎ㄗC書的域名
server_name cloud.hnverde.com;
#把http的域名請求轉(zhuǎn)成https
return 301 https://$host$request_uri;
}
##
# Basic Settings
##
sendfile off;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
# server_tokens off;
# server_names_hash_bucket_size 64;
# server_name_in_redirect off;
include /etc/nginx/mime.types;
default_type application/octet-stream;
server{
##
# SSL Settings
##
listen 443 ssl;
server_name cloud.hnverde.com;
root /usr/share/nginx/html;
index index.html index.htm;
ssl_certificate cert/8444101_cloud.hnverde.com.pem;
ssl_certificate_key cert/8444101_cloud.hnverde.com.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_prefer_server_ciphers on;
location / {
#網(wǎng)站主頁路徑。此路徑僅供參考梳凛,具體請您按照實(shí)際目錄操作耿币。
#例如,您的網(wǎng)站主頁在 Nginx 服務(wù)器的 /etc/www 目錄下韧拒,則請修改 root 后面的 html 為 /etc/www淹接。
root /usr/share/nginx/html;
index index.html index.htm;
}
location /api { #后端接口配置
proxy_pass http://120.77.144.195:6557/api; #本機(jī)的9999后端api接口,注意這個(gè)端口是要和yaml文件的端口一致
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location /Data { #后端接口配置
proxy_pass http://120.77.144.195:6557/Data; #本機(jī)的9999后端api接口叛溢,注意這個(gè)端口是要和yaml文件的端口一致
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location /Log { #后端接口配置
proxy_pass http://120.77.144.195:6557/Log; #本機(jī)的9999后端api接口塑悼,注意這個(gè)端口是要和yaml文件的端口一致
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location /DownLoad { #后端接口配置
proxy_pass http://120.77.144.195:6557/DownLoad; #本機(jī)的9999后端api接口,注意這個(gè)端口是要和yaml文件的端口一致
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
##
# Logging Settings
##
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
##
# Gzip Settings
##
gzip on;
# gzip_vary on;
# gzip_proxied any;
# gzip_comp_level 6;
# gzip_buffers 16 8k;
# gzip_http_version 1.1;
# gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
##
# Virtual Host Configs
##
#include /etc/nginx/conf.d/*.conf;
#include /etc/nginx/sites-enabled/*;
}
}
#mail {
# # See sample authentication script at:
# # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
#
# # auth_http localhost/auth.php;
# # pop3_capabilities "TOP" "USER";
# # imap_capabilities "IMAP4rev1" "UIDPLUS";
#
# server {
# listen localhost:110;
# protocol pop3;
# proxy on;
# }
#
# server {
# listen localhost:143;
# protocol imap;
# proxy on;
# }
#}
11. 上傳限制
- nginx.conf 加入如下配置
client_max_body_size 2000M; #允許客戶端請求的最大單文件字節(jié)數(shù)
client_body_buffer_size 128k; #緩沖區(qū)代理緩沖用戶端請>求的最大字節(jié)數(shù)
fastcgi_intercept_errors on;
- nginx.conf 完整配置如下:
user www-data;
worker_processes auto;
pid /run/nginx.pid;
#include /etc/nginx/modules-enabled/*.conf;
events {
worker_connections 768;
# multi_accept on;
}
http{
#server{
# listen 80;
# server_name cloud.hnverde.com;
# location / {
# root /usr/share/nginx/html;
# try_files $uri $uri/ @router;
# index index.html;
# }
#}
server {
listen 80;
#請?zhí)顚懡壎ㄗC書的域名
server_name cloud.hnverde.com;
#把http的域名請求轉(zhuǎn)成https
return 301 https://$host$request_uri;
}
##
# Basic Settings
##
client_max_body_size 2000M; #允許客戶端請求的最大單文件字節(jié)數(shù)
client_body_buffer_size 128k; #緩沖區(qū)代理緩沖用戶端請>求的最大字節(jié)數(shù)
fastcgi_intercept_errors on;
sendfile off;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
# server_tokens off;
# server_names_hash_bucket_size 64;
# server_name_in_redirect off;
include /etc/nginx/mime.types;
default_type application/octet-stream;
server{
##
# SSL Settings
##
listen 443 ssl;
server_name cloud.hnverde.com;
root /usr/share/nginx/html;
index index.html index.htm;
ssl_certificate cert/8444101_cloud.hnverde.com.pem;
ssl_certificate_key cert/8444101_cloud.hnverde.com.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_prefer_server_ciphers on;
location / {
#網(wǎng)站主頁路徑楷掉。此路徑僅供參考厢蒜,具體請您按照實(shí)際目錄操作。
#例如烹植,您的網(wǎng)站主頁在 Nginx 服務(wù)器的 /etc/www 目錄下斑鸦,則請修改 root 后面的 html 為 /etc/www。
root /usr/share/nginx/html;
index index.html index.htm;
}
location /api { #后端接口配置
proxy_pass http://120.77.144.195:6557/api; #本機(jī)的9999后端api接口草雕,注意這個(gè)端口是要和yaml文件的端口一致
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location /Data {
add_header 'Access-Control-Allow-Origin' "$http_origin" always;
add_header 'Access-Control-Allow-Credentials' 'true' always;
add_header 'Access-Control-Allow-Methods' 'GET, OPTIONS' always;
add_header 'Access-Control-Allow-Headers' 'Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified- Since,Keep-Alive,Origin,User-Agent,X-Requested-With' always;
#后端接口配置
proxy_pass http://120.77.144.195:6557/Data; #本機(jī)的9999后端api接口巷屿,注意這個(gè)端口是要和yaml文件的端口一致
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location /Log { #后端接口配置
proxy_pass http://120.77.144.195:6557/Log; #本機(jī)的9999后端api接口,注意這個(gè)端口是要和yaml文件的端口一致
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location /DownLoad { #后端接口配置
proxy_pass http://120.77.144.195:6557/DownLoad; #本機(jī)的9999后端api接口墩虹,注意這個(gè)端口是要和yaml文件的端口一致
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
##
# Logging Settings
##
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
##
# Gzip Settings
##
gzip on;
# gzip_vary on;
# gzip_proxied any;
# gzip_comp_level 6;
# gzip_buffers 16 8k;
# gzip_http_version 1.1;
# gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
##
# Virtual Host Configs
##
#include /etc/nginx/conf.d/*.conf;
#include /etc/nginx/sites-enabled/*;
}
}
#mail {
# # See sample authentication script at:
# # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
#
# # auth_http localhost/auth.php;
# # pop3_capabilities "TOP" "USER";
# # imap_capabilities "IMAP4rev1" "UIDPLUS";
#
# server {
# listen localhost:110;
# protocol pop3;
# proxy on;
# }
#
# server {
# listen localhost:143;
# protocol imap;
# proxy on;
# }
#}
