一、nginx先配置https環境
1、找打nginx的安裝環境 ,如nginx的安裝目錄是/usr/local/nginx,源包在/root/nginx-1.10.1目錄下
2、切換到源碼包
# cd /root/nginx-1.10.1
3、進行編譯
# ./configure --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module
4.配置完成后,運行命令:
# make
5.make命令執行后,不要進行make install,否則會覆蓋安裝。
6.備份原有已安裝好的nginx:
# cp /usr/local/nginx/sbin/nginx /usr/local/nginx/sbin/nginx.bak
7.停止nginx狀態:
# /usr/local/nginx/sbin/nginx -s stop
8.將編譯好的nginx覆蓋掉原有的nginx:
# cd /root/nginx-1.10.1/ # cp ./objs/nginx /usr/local/nginx/sbin/
9.提示是否覆蓋,輸入yes即可。
10.然后啟動nginx:
# /usr/local/nginx/sbin/nginx
11.進入nginx/sbin目錄下,通過命令查看模塊是否已經加入成功:
# cd /usr/local/nginx/sbin/
# ./nginx -V
二、在阿里雲申請免費的證書
證書與域名是綁定的,配置nginx時看清楚
三、配置nginx
1、我在nginx.conf中配置了2個不同的域名
#user nobody; worker_processes 1; error_log logs/error.log; error_log logs/error.log notice; error_log logs/error.log info; events { worker_connections 1024; } http { include mime.types; default_type application/octet-stream; sendfile on; keepalive_timeout 65; # http配置 server { listen 80; server_name www.xiaoyaodijun.com; location / { root /var/app/dist/; index index.html index.htm; } error_page 500 502 503 504 /50x.html; location = /50x.html { root html; } } #https 配置 server { listen 443 ssl; server_name web.xiaoyaodijun.com; root /var/app2/dist; #文件地址 index index.html index.htm; #默認首頁 ssl_certificate /var/cret/web.xiaoyaodijun.pem; #證書地址 ssl_certificate_key /var/cret/web.xiaoyaodijun.key; #證書地址 ssl_session_cache shared:SSL:1m; ssl_session_timeout 5m; ssl_ciphers HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on; #代理請求http接口 location /ospapi/{ proxy_pass http://xxx.xxx.xx.xx:xxxx/front/; } }
#http請求自動重訂向https
server{
listen 80;
server_name web.xiaoyaodijun.com;
rewrite ^/(.*)$ https://web.xiaoyaodijun.com:443/$1 permanent;
}
}
2、https網站中,如果接口服務是http的,那么請求接口就會被拒絕,需要使用nginx做代理轉發
#代理請求http接口 location /ospapi/{ proxy_pass http://xxx.xxx.xx.xx:xxxx/front/; }
3、前端頁面的配置為
//代理模式請求接口 export const Url = "https://web.xiaoyaodijun.com/ospapi/"
即請求地址為
https://web.xiaoyaodijun.com/ospapi/edmap/getuser/test