nginx 配置http和https验证
申请SSL证书
在腾讯云申请
申请成功后下载到本地,上传到服务器上
nginx配置
假设项目名称为flask_demo
vim /etc/nginx/nginx.conf
http { include /etc/nginx/mime.types; default_type application/octet-stream; log_format main ‘$remote_addr - $remote_user [$time_local] "$request" ‘ ‘$status $body_bytes_sent "$http_referer" ‘ ‘"$http_user_agent" "$http_x_forwarded_for"‘; access_log /var/log/nginx/access.log main; sendfile on; #tcp_nopush on; keepalive_timeout 65; #gzip on; #include /etc/nginx/conf.d/*.conf; #增加配置文件 include /etc/nginx/demo.d/flask_demo.conf; }
把证书文件拷贝到demo.d文件夹中
flask_demo配置
监听http和https两个端口
server { listen 80 default backlog=2048; listen 443 ssl; server_name xx.xx.cn; #你自己的域名 #证书文件名称 ssl_certificate demo.d/1_xx.xx.cn_bundle.crt; #你自己的证书 #私钥文件名称 ssl_certificate_key demo.d/xx.xx.cn.key; ssl_session_timeout 5m; ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; charset UTF-8; access_log /var/log/nginx/myweb_access.log; error_log /var/log/nginx/myweb_error.log; client_max_body_size 75M; location / { try_files $uri @yourapplication1; } location @yourapplication1 { include uwsgi_params; uwsgi_pass unix:/home/ubuntu/data/www/logs/demo.sock; uwsgi_read_timeout 1800; uwsgi_send_timeout 300; } }
如果htttp访问的时候,报错如下:
400 Bad Request
The plain HTTP requset was sent to HTTPS port. Sorry for the inconvenience.
……
The plain HTTP requset was sent to HTTPS port. Sorry for the inconvenience.
……
把ssl on;这行去掉
验证
https:
http:
HTTP 自动跳转 HTTPS 的安全配置
server { #listen 80 default backlog=2048; listen 443 ssl; server_name xx.xx.cn; #证书文件名称 ssl_certificate demo.d/1_xx.cn_bundle.crt; #私钥文件名称 ssl_certificate_key demo.d/2_xx.cn.key; ssl_session_timeout 5m; ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; charset UTF-8; access_log /var/log/nginx/myweb_access.log; error_log /var/log/nginx/myweb_error.log; client_max_body_size 75M; location / { try_files $uri @yourapplication1; } location @yourapplication1 { include uwsgi_params; uwsgi_pass unix:/home/ubuntu/data/www/logs/demo.sock; uwsgi_read_timeout 1800; uwsgi_send_timeout 300; } } server { listen 80; server_name xx.cn; #你自己的域名 rewrite ^(.*) https://xx.cn$1 permanent;#把http的域名请求转成https }
验证:
相关推荐
nginxs 2020-11-14
Guanjs0 2020-11-13
小木兮子 2020-11-11
yserver 2020-11-11
ssihc0 2020-11-11
windle 2020-11-10
HanksWang 2020-11-10
liuchen0 2020-11-10
Freshairx 2020-11-10
ccschan 2020-11-10
liwf 2020-11-10
Guanjs0 2020-11-09
AderStep 2020-11-09
zrtlin 2020-11-09
mqfcu 2020-11-10
windle 2020-10-29