用户工具

站点工具


web:https

https证书检测

        listen 443 ssl http2;
        #ssl on;
        ssl_certificate /soft/cert/xlongwei.pem;
        ssl_certificate_key /soft/cert/xlongwei.key;
        ssl_session_cache shared:SSL:1m;
        ssl_session_timeout  5m;
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
        ssl_prefer_server_ciphers on;
        location / {
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header Host $host;
            proxy_pass http://ourjs;
            #limit_req zone=yi burst=8;
            add_header 'Access-Control-Allow-Origin' '*';
        }        
  • https转http
        location / {
                if ( $request_method = OPTIONS ) {
                        add_header 'Access-Control-Allow-Origin' '*';
                        add_header 'Access-Control-Allow-Headers' '*';
                        add_header 'Access-Control-Allow-Methods' '*';
                        return 200;
                }
                proxy_pass http://127.0.0.1:80;
                #proxy_redirect off;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-Forwarded-Proto https;
                proxy_set_header Host $host;
                proxy_set_header SSL '1';
                proxy_redirect http:// https://;
                #proxy_redirect http:// $scheme://;
        }
  • web socket,https和http两个配置文件都需要加上
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
  • http转https
server {
        server_name log.xlongwei.com;
        return 301 https://$host$request_uri;
}
  • 全站http转https
# conf.d/default.conf
server {
        listen 80 default;
        return 302 https://$host$request_uri;
        # rewrite ^(.*)$  https://$host$1 permanent;
}
# https.conf
        listen 443 ssl http2;
        access_log off;
        #ssl on;
        ssl_certificate /soft/cert/xlongwei.pem;
        ssl_certificate_key /soft/cert/xlongwei.key;
        ssl_session_cache shared:SSL:1m;
        ssl_session_timeout  5m;
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
        ssl_prefer_server_ciphers on;
# conf.d/a.conf
server {
        server_name a.xlongwei.com;
        include https.conf;
        location / {
                autoindex on;
                root /soft/tool;
        }
}
wget https://golang.google.cn/dl/go1.10.1.linux-amd64.tar.gz --no-check-certificate
curl -k https://golang.google.cn/dl/go1.10.1.linux-amd64.tar.gz
jget https://golang.google.cn/dl/go1.10.1.linux-amd64.tar.gz  # alias jget="java Get"
web/https.txt · 最后更改: 2021/02/03 18:00 由 admin