Configure the paths to the crt and key files as shown below.
server {
    listen 443 ssl http2 default_server;
    listen [::]:443 ssl http2 default_server;
    server_name www.aaa.com;
    root /usr/share/nginx/html;
    ssl_certificate "/etc/nginx/server.crt";
    ssl_certificate_key "/etc/nginx/server.key";
    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout 10m;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;
    # Load configuration files for the default server block.
    include /etc/nginx/default.d/*.conf;
    location /management/ {
        proxy_redirect off;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://127.0.0.1:9001/management/;
    }
    location /b2c/ {
        proxy_redirect off;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://127.0.0.1:9001/b2c/;
    }
    location /file/images/ {
        proxy_redirect off;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://127.0.0.1:9001/file/images/;
    }
    location / {
    }
    error_page 404 /404.html;
    location = /40x.html {
    }
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
    }
}
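Note: Because my service is a microservice, requests need to be forwarded from HTTPS to the gateway, so I configured proxy forwarding. Along the way I ran into a permissions problem: the load balancer reported failed (13: Permission denied) while connecting to upstream, and forwarding always failed. The fixes are as follows:
1. Edit the nginx.conf configuration file and change user nginx on the first line to root.
2. Check the network access setting:
getsebool -a | grep httpd_can_network_connect
If the result is httpd_can_network_connect --> off, it needs to be changed to on.
How to change it:
(1) Temporary change using the SELinux command; the setting is lost after a reboot: setsebool httpd_can_network_connect=1
(2) Command that writes the setting to the configuration, so it is kept after a reboot: setsebool -P httpd_can_network_connect 1
3. Change SELinux
Check whether it is enabled: sestatus -v
If it shows SELinux status: enabled, SELinux is turned on.
(1) Temporary change: setenforce 0 means permissive (setenforce 1 means enforcing)
(2) Disable permanently: vim /etc/selinux/config, and change SELINUX=enforcing to SELINUX=disabled
Remember to restart nginx. The three methods above should resolve this problem.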
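An added example, not part of the original post: a check that confirms from the audit log that the "13: Permission denied" error is SELinux blocking nginx's connection to the upstream port, and prints the narrowest change from the list above (the boolean in method 2) when that is the case. The function names and the sample log lines are constructed for illustration; on a real host, feed /var/log/audit/audit.log and the output of getsebool httpd_can_network_connect instead.

```shell
#!/bin/sh
# Constructed sample of audit log AVC records (not taken from the original post).
SAMPLE_AUDIT='type=AVC msg=audit(1700000000.101:311): avc:  denied  { name_connect } for  pid=2101 comm="nginx" dest=9001 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket permissive=0
type=AVC msg=audit(1700000003.442:312): avc:  denied  { name_connect } for  pid=2101 comm="nginx" dest=9001 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket permissive=0
type=AVC msg=audit(1700000009.870:313): avc:  denied  { read } for  pid=2101 comm="nginx" name="server.key" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0
type=AVC msg=audit(1700000011.005:314): avc:  denied  { name_connect } for  pid=3300 comm="sshd" dest=9001 scontext=system_u:system_r:sshd_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket permissive=0'

# Reads audit log lines on stdin and prints "port count" for every upstream
# port that nginx, running in the httpd_t domain, was denied from connecting to.
upstream_denials() {
    awk 'index($0, "denied") && index($0, "{ name_connect }") &&
         index($0, "comm=\"nginx\"") && index($0, ":httpd_t:") {
             for (i = 1; i <= NF; i++)
                 if (index($i, "dest=") == 1) n[substr($i, 6)]++
         }
         END { for (p in n) print p, n[p] }' | sort -n
}

# $1: one line of getsebool output, e.g. "httpd_can_network_connect --> off".
# stdin: audit log lines. Prints the narrowest change that covers the denials.
recommend_fix() {
    denials=$(upstream_denials)
    if [ -z "$denials" ]; then
        echo "none: no httpd_t name_connect denials in this log"
    elif [ "${1##* }" = "on" ]; then
        echo "none: boolean already on, these denials predate the change"
    else
        echo "setsebool -P httpd_can_network_connect 1"
    fi
}

# Run against the constructed sample.
printf '%s\n' "$SAMPLE_AUDIT" | upstream_denials
printf '%s\n' "$SAMPLE_AUDIT" | recommend_fix "httpd_can_network_connect --> off"
```

If the log shows no name_connect denial for nginx, the upstream error has a different cause and changing the boolean will not help.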