Configuring HTTPS in nginx and setting up proxy forwarding

Set the paths to the crt and key files as shown in the configuration below.

server {
    listen       443 ssl http2 default_server;
    listen       [::]:443 ssl http2 default_server;
    server_name  www.aaa.com;
    root         /usr/share/nginx/html;

    # Certificate and private key paths
    ssl_certificate "/etc/nginx/server.crt";
    ssl_certificate_key "/etc/nginx/server.key";
    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout  10m;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;

    # Load configuration files for the default server block.
    include /etc/nginx/default.d/*.conf;

    # Each location below forwards HTTPS requests to the gateway on 127.0.0.1:9001
    location /management/ {
        proxy_redirect off;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://127.0.0.1:9001/management/;
    }

    location /b2c/ {
        proxy_redirect off;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://127.0.0.1:9001/b2c/;
    }

    location /file/images/ {
        proxy_redirect off;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://127.0.0.1:9001/file/images/;
    }

    location / {
    }

    # The location name must match the URI given to error_page
    error_page 404 /404.html;
    location = /404.html {
    }

    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
    }
}

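Note: Because my services are microservices, requests have to be forwarded from HTTPS to the gateway, so I configured proxy forwarding. Along the way I ran into a permissions problem: the load balancer reported failed (13: Permission denied) while connecting to upstream, and forwarding kept failing. The fixes are as follows:

1. Edit the nginx.conf configuration file and change user nginx on the first line to root

2. Check the network access setting

getsebool -a | grep httpd_can_network_connect

If the result is httpd_can_network_connect --> off, it needs to be changed to on

How to change it

(1) Temporary change with the SELinux command; it is lost after a reboot: setsebool httpd_can_network_connect=1

(2) Command that writes the setting to the configuration so it persists across reboots: setsebool -P httpd_can_network_connect 1

3. Change SELinux

Check whether it is enabled: sestatus -v

If it shows SELinux status: enabled, SELinux is turned on.

(1) Temporary change: setenforce 0 means permissive (setenforce 1 means enforcing)

(2) Permanently disable: vim /etc/selinux/config and change SELINUX=enforcing to SELINUX=disabled

Remember to restart nginx. The three methods above should resolve this problem.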
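
The error message and the httpd_can_network_connect check from the note above, combined into one triage script that recommends only the targeted boolean change from step 2 (an added example, not part of the original post). The sample log lines are constructed, and the getenforce command, the --live switch and the /var/log/nginx/error.log path are assumptions that do not come from the post.

```shell
#!/usr/bin/env bash
# Added example (not from the original post). Works on captured text so it can
# be tried offline; on a real host pass --live to read the live state instead.

# Constructed sample nginx error.log lines (hypothetical timestamps, PIDs, client IP).
SAMPLE_LOG='2019/12/04 10:00:01 [crit] 1201#0: *7 connect() to 127.0.0.1:9001 failed (13: Permission denied) while connecting to upstream, client: 10.0.0.5, server: www.aaa.com, request: "GET /b2c/ HTTP/2.0", upstream: "http://127.0.0.1:9001/b2c/", host: "www.aaa.com"
2019/12/04 10:00:02 [error] 1201#0: *8 open() "/usr/share/nginx/html/x" failed (2: No such file or directory), client: 10.0.0.5, server: www.aaa.com
2019/12/04 10:00:03 [crit] 1201#0: *9 connect() to 127.0.0.1:9001 failed (13: Permission denied) while connecting to upstream, client: 10.0.0.5, server: www.aaa.com, request: "GET /management/ HTTP/2.0", upstream: "http://127.0.0.1:9001/management/", host: "www.aaa.com"'

# Print the distinct host:port targets nginx was denied from reaching.
denied_upstreams() {   # $1 = error.log text
    printf '%s\n' "$1" \
      | grep 'failed (13: Permission denied) while connecting to upstream' \
      | sed -n 's/.*connect() to \([^ ]*\) failed.*/\1/p' | sort -u
}

# Pick the narrowest change that addresses the denial.
# $1 = output of getenforce
# $2 = output of getsebool httpd_can_network_connect
# $3 = error.log text
recommend_fix() {
    local targets
    targets=$(denied_upstreams "$3")
    if [ -z "$targets" ]; then echo "no-upstream-denial"; return; fi
    case "$1" in
        Enforcing) ;;   # only an enforcing SELinux blocks the connection
        *) echo "selinux-not-enforcing: cause is elsewhere"; return ;;
    esac
    case "$2" in
        *'--> on') echo "boolean-already-on: cause is elsewhere" ;;
        *)         echo "setsebool -P httpd_can_network_connect 1" ;;
    esac
}

# Live use on a host with the SELinux tools installed (log path is an assumption).
if [ "${1:-}" = "--live" ]; then
    recommend_fix "$(getenforce)" "$(getsebool httpd_can_network_connect)" \
                  "$(cat /var/log/nginx/error.log)"
fi
```

When the recommendation is the setsebool command, nginx can keep running as user nginx with SELinux still enforcing.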

Reposted from blog.csdn.net/unhejing/article/details/103395836