生成证书文件
生成自签名证书,并放在指定位置
$ openssl req -x509 -days 3650 -subj '/CN=odoo.youyun.com/' -nodes -newkey rsa:2048 -keyout server.key -out server.crt $ sudo mkdir /etc/ssl/nginx $ sudo mv server.key server.crt /etc/ssl/nginx
配置nginx
$ sudo rm /etc/nginx/sites-avaliable/default $ sudo vim /etc/nginx/sites-avalibale/odoo.conf
删除默认的nginx default文件,并新建odoo.conf文件,内容如下
server {
listen 443 default;
server_name _;
access_log /var/log/nginx/odoo.access.log;
error_log /var/log/nginx/odoo.error.log;
ssl on;
ssl_certificate /etc/ssl/nginx/server.crt; # 之前生成的证书和key
ssl_certificate_key /etc/ssl/nginx/server.key;
ssl_ciphers HIGH:!ADH:!MD5;
ssl_protocols SSLv3 TLSv1;
ssl_prefer_server_ciphers on;
location / {
proxy_pass http://127.0.0.1:8069;
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
proxy_buffer_size 128k;
proxy_buffers 16 64k;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Proto https;
}
location ~* /web/static/ {
proxy_cache_valid 200 60m;
proxy_buffering on;
expires 864000;
proxy_pass http://127.0.0.1:8069;
}
}
server { # 将80端口转到443的https中
listen 80;
server_name __;
add_header Strict-Transport-Security max-age=2592000;
rewrite ^/.*$ https://$host$request_uri? permanent;
}
server { # 将特定ip的8069端口转到443的https中
listen 192.168.1.102:8069; # 这是虚机的ip
server_name __;
add_header Strict-Transport-Security max-age=2592000;
rewrite ^/.*$ https://$host$request_uri? permanent;
}
配置访问源主机
- 安装之前生成的server.crt证书
- 修改hosts文件添加, 由于之前的证书使用的是该域名