阿里雲域名及ssl證書配置(nginx)

    今天小程序後臺，阿里雲需要配置域名，域名爲www.xxxx.com，參考網上博客。

參考博客:https://www.cnblogs.com/fangke/p/10231060.html

1)購買阿里雲域名，並掛上去。申請個免費的ssl證書,下載tomcat證書,

2).pfx文件放springboot根文件

3)yml文件配置SSL

server:
  port: 8888
  ssl:
    enable: true
    key-store: 你自己的tomcat證書名字
    key-store-password: 你下載下來tomcat證書裏的密碼

4)不在贅述  下載nginx的 sll證書  阿里雲nginx.conf的配置:

#user  nobody;
worker_processes  1;

#pid        logs/nginx.pid;


events {
    worker_connections  1024;
}


http {
    include       mime.types;
    default_type  application/octet-stream;

    sendfile        on;
    #tcp_nopush     on;

    #keepalive_timeout  0;
    keepalive_timeout  65;

    #gzip  on;

	#後端
    server {
		listen 443 ssl;   #SSL協議訪問端口號爲443。此處如未添加ssl，可能會造成Nginx無法啓動。
		server_name www.xxxx.com;  #將localhost修改爲您證書綁定的域名，例如：www.example.com。
		index index.html index.htm;
		root  D:/nginx-1.16.1/dist;  #dist上傳的路徑
		
		ssl_certificate D:/nginx-1.16.1/cert/3097615_www.xxxx.com.pem;   #將domain name.pem替換成您證書的文件名。
		ssl_certificate_key D:/nginx-1.16.1/cert/3097615_www.xxxx.com.key;   #將domain name.key替換成您證書的密鑰文件名。
		ssl_protocols TLSv1 TLSv1.1 TLSv1.2;   #使用該協議進行配置。
		
		ssl_session_cache    shared:SSL:1m;
		ssl_session_timeout 5m;
		ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;  #使用此加密套件。
		ssl_prefer_server_ciphers on;

		location /api/ {
			proxy_pass https://www.xxxx.com:8000; #這裏的端口記得改成項目對應的哦
			proxy_set_header X-Forwarded-Proto $scheme;
			proxy_set_header X-Forwarded-Port $server_port;
			proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
			proxy_set_header Upgrade $http_upgrade;
			proxy_set_header Connection "upgrade";
        }
		
		location /auth/ {
			proxy_pass https://www.xxxx.com:8000; #這裏的端口記得改成項目對應的哦
			proxy_set_header X-Forwarded-Proto $scheme;
			proxy_set_header X-Forwarded-Port $server_port;
			proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
			proxy_set_header Upgrade $http_upgrade;
			proxy_set_header Connection "upgrade";
        }
    }
	
	#前端
	server {
		listen        80;
		server_name    www.xxxx.com;
		
		rewrite ^(.*)$ https://$host$1 permanent;
    }

}

參考博客:

https://blog.csdn.net/u013009808/article/details/83044933

 

https://www.cnblogs.com/onetwo/p/10369644.html

說明：下面的配置是對443端口和80端口進行監聽，443端口要啓用ssl。監聽443端口的server配置可以仿照上面ca認證頁面的nginx配置示例進行配置。

重啓nginx,調用www.xxxx.com,服務啓用成功

總結:vue前端的用  www.xxxx.com:80   經過listen 443  ssl    到springboot後端  https://www.xxxx.com:8000