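Applying for an SSL certificate
Apply for the certificate on Tencent Cloud.
Once it has been issued, download it to your local machine and upload it to the server.
nginx configuration
Assume the project is named flask_demo.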
vim /etc/nginx/nginx.conf
http {
    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
    access_log /var/log/nginx/access.log main;

    sendfile on;
    #tcp_nopush on;
    keepalive_timeout 65;
    #gzip on;

    #include /etc/nginx/conf.d/*.conf;
    # add the site configuration file
    include /etc/nginx/demo.d/flask_demo.conf;
}
Copy the certificate files into the demo.d directory (/etc/nginx/demo.d).
flask_demo configuration
Listen on both the HTTP and HTTPS ports:
server {
    listen 80 default backlog=2048;
    listen 443 ssl;
    server_name xx.xx.cn;  # your own domain name

    # certificate file name
    ssl_certificate demo.d/1_xx.xx.cn_bundle.crt;  # your own certificate
    # private key file name
    ssl_certificate_key demo.d/xx.xx.cn.key;
    ssl_session_timeout 5m;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    # note: TLSv1 and TLSv1.1 are deprecated by RFC 8996
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;

    charset UTF-8;
    access_log /var/log/nginx/myweb_access.log;
    error_log /var/log/nginx/myweb_error.log;
    client_max_body_size 75M;

    location / {
        try_files $uri @yourapplication1;
    }

    location @yourapplication1 {
        include uwsgi_params;
        uwsgi_pass unix:/home/ubuntu/data/www/logs/demo.sock;
        uwsgi_read_timeout 1800;
        uwsgi_send_timeout 300;
    }
}
If a request over HTTP fails with the following error:
400 Bad Request
The plain HTTP request was sent to HTTPS port. Sorry for the inconvenience.
……
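remove the ssl on; line from the server block. That directive turns on TLS for every listen socket in the block, port 80 included; the ssl parameter in listen 443 ssl; already enables TLS for port 443 only.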
Verification
https:
http:
Secure configuration: redirect HTTP to HTTPS automatically
server {
    #listen 80 default backlog=2048;
    listen 443 ssl;
    server_name xx.xx.cn;

    # certificate file name
    ssl_certificate demo.d/1_xx.cn_bundle.crt;
    # private key file name
    ssl_certificate_key demo.d/2_xx.cn.key;
    ssl_session_timeout 5m;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;

    charset UTF-8;
    access_log /var/log/nginx/myweb_access.log;
    error_log /var/log/nginx/myweb_error.log;
    client_max_body_size 75M;

    location / {
        try_files $uri @yourapplication1;
    }

    location @yourapplication1 {
        include uwsgi_params;
        uwsgi_pass unix:/home/ubuntu/data/www/logs/demo.sock;
        uwsgi_read_timeout 1800;
        uwsgi_send_timeout 300;
    }
}

server {
    listen 80;
    server_name xx.cn;  # your own domain name
    rewrite ^(.*) https://xx.cn$1 permanent;  # turn HTTP requests for the domain into HTTPS requests
}
Verification:
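An offline check of the two layouts above, added here as an example (it is not part of the original post): it reads an nginx config string and reports server blocks that answer plain HTTP without redirecting, blocks where ssl on; also covers port 80 (the 400 error described earlier), and deprecated entries in ssl_protocols. The function names, the finding labels and the trimmed sample configs are assumptions made for this example.

```python
import re

# Constructed samples: trimmed copies of the two server layouts on this page.
MIXED = """
server {
    listen 80 default backlog=2048;
    listen 443 ssl;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    location / { try_files $uri @yourapplication1; }
}
"""
SPLIT = """
server {
    listen 443 ssl;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    location / { try_files $uri @yourapplication1; }
}
server {
    listen 80;
    rewrite ^(.*) https://xx.cn$1 permanent;  # send HTTP to HTTPS
}
"""

def server_blocks(conf):
    """Yield the body of every server { ... } block, found by brace matching."""
    for m in re.finditer(r"\bserver\s*\{", conf):
        depth, i = 1, m.end()
        while depth and i < len(conf):
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield conf[m.end():i - 1]

def audit(conf):
    """Return findings (hypothetical labels) for an nginx config string."""
    findings = []
    conf = re.sub(r"#[^\n]*", "", conf)  # drop comments before matching braces
    for body in server_blocks(conf):
        listens = [l.split() for l in re.findall(r"\blisten\s+([^;]+);", body)]
        ssl_on = re.search(r"\bssl\s+on\s*;", body)
        if ssl_on and any(l[0].split(":")[-1] == "80" for l in listens):
            findings.append("ssl-on-covers-port-80")  # cause of the 400 error
        # With "ssl on;" every socket speaks TLS, so none counts as plain HTTP.
        plain = [] if ssl_on else [l for l in listens if "ssl" not in l]
        redirect = re.search(r"\b(?:rewrite|return)\b[^;]*https://", body)
        if plain and not redirect:
            findings.append("plain-http-serves-content")
        protos = re.search(r"\bssl_protocols\s+([^;]+);", body)
        old = {"SSLv3", "TLSv1", "TLSv1.1"} & set(protos.group(1).split() if protos else [])
        if old:
            findings.append("deprecated-protocols:" + ",".join(sorted(old)))
    return findings

if __name__ == "__main__":
    print(audit(MIXED), audit(SPLIT))
```

The comment stripping is line-based and does not handle a # inside a quoted nginx string, which neither layout on this page contains.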