nginx reverse proxy settings ssl, support https
The http_ssl_module module needs to be enabled (the production environment itself already exists)
Create a new ssl.conf folder in the nginx configuration directory and cd to ssl.conf
The first step is to generate the key: openssl genrsa -des3 -out c.com.key 1024
Enter the setup password: 123456 and enter it again.
The second step is to generate a certificate request: openssl req -new -key c.com.key -out c.com.csr
Enter the password you just set
The third step is to copy a key file that does not require a password: openssl rsa -in c.com.key -out c.comss.key
Enter the set password
The fourth step is to configure your own certificate: openssl x509 -req -days 365 -in c.com.csr -signkey c.com.key -out c.com.crt
two. nginx.conf configuration file
Add a server,
server {
listen 443 ssl;
server_name www.test.com;
ssl_certificate ssl.conf/c.com.crt;
ssl_certificate_key ssl.conf/c.com.key;
location / {
root /usr/local/nginx/html;
}
}
Test: configure hosts locally, visit https://www.test.com/test.html in browser
Access appears: There is a problem with the security certificate of this website, then the configuration is ok, and the production environment can put the purchased certificate on it.
three. Nginx uses the 443 interface to accept requests, and uses other ports for back-to-source request data. The (so-called proxy) configuration is as follows:
upstream test {
ip_hash;
server 192.168.1.100:8090 weight=2;
server 192.168.1.101:8091 weight=1;
}
server {
listen 443 ssl;
server_name www.test.com;
ssl_certificate ssl.conf/c.com.crt;
ssl_certificate_key ssl.conf/c.com.key;
location / {
proxy_pass http://test;
}
}
4. The configuration of [http and https co-recommended] is as follows:
upstream test {
ip_hash;
server 192.168.1.100:8090 weight=2;
server 192.168.1.101:8091 weight=1;
}
server {
listen 80;
listen 443 ssl;
server_name
www.test.com
;
ssl_certificate ssl.conf/c.com.crt;
ssl_certificate_key ssl.conf/c.com.key;
location / {
proxy_pass
http://test
;
}
}
Fives,
upstream test {
ip_hash;
server 192.168.1.100:8090 weight=2;
server 192.168.1.101:8091 weight=1;
}
server {
listen 80;
server_name www.test2.com;
location / {
rewrite ^(.*)$ https://$host$1 permanent; #Actually jump to port 443 below here
}
}
server {
listen 443 ssl;
ssl_certificate ssl.conf/c.com.crt;
ssl_certificate_key ssl.conf/c.com.key;
location / {
proxy_pass
http://test
;
}
}