基于Windows安装Nginx并配置
Nginx的配置及OpenSSL自签名证书配置与certbot免费公网证书配置
1、nginx配置代理前端
# Basic static hosting of the built front end.
# With "root", the full request URI is appended to the path (/a/b.js -> html/dist/a/b.js).
# The relative path is resolved against the nginx prefix (installation) directory.
location / {
root html/dist;
index index.html index.htm;
}
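# Serve the front end under a path prefix; mind the difference between root and alias.
# "alias" replaces the matched location prefix verbatim, so when the location
# ends with "/" the alias must end with "/" too. Without it, /web/index.html
# would map to "html/distindex.html" and never be found.
location /web/ {
    alias html/dist/;
    index index.html index.htm;
}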
# Proxying a Vue front end also requires setting the build-time path prefix; plain H5 pages should be unaffected.
# Strips the /web2/ prefix and forwards the remainder to the front-end dev/app server.
# NOTE(review): $1 is captured from the normalized (percent-decoded) URI and is sent upstream
# as-is because proxy_pass contains variables; paths with encoded characters may reach the
# upstream in a different form than the client sent. A prefix location
# ("location /web2/" with "proxy_pass http://192.168.0.116:9000/;") lets nginx do the
# prefix replacement and escaping itself - confirm which behaviour the upstream needs.
location ~ ^/web2/(.*)$ {
# $is_args$args preserves the query string of the original request
proxy_pass http://192.168.0.116:9000/$1$is_args$args;
# proxy_set_header X-Forwarded-Prefix "/web2";
# Forward the host name the client asked for.
proxy_set_header Host $host;
# Address of the TCP peer as seen by nginx (not client-controlled).
proxy_set_header X-Real-IP $remote_addr;
# Appends the peer address to whatever X-Forwarded-For the client sent; the upstream
# should trust only the entry added by this proxy, never the left-most value.
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# Tells the upstream whether the client connection was http or https.
proxy_set_header X-Forwarded-Proto $scheme;
}
2、nginx配置代理后端
# Strips the /server/ prefix and forwards the remainder to the back-end service.
# NOTE(review): $1 comes from the normalized (percent-decoded) URI and is passed upstream
# unchanged because proxy_pass contains variables - verify the back end handles paths with
# encoded characters as intended, and that it is reachable only through this proxy if it
# relies on the forwarded headers below.
location ~ ^/server/(.*)$ {
# $is_args$args preserves the query string of the original request
proxy_pass http://192.168.0.116:8090/$1$is_args$args;
# Path prefix that was stripped; presumably read by the back end to build links - confirm.
proxy_set_header X-Forwarded-Prefix "/server";
# Forward the host name the client asked for.
proxy_set_header Host $host;
# Address of the TCP peer as seen by nginx (not client-controlled).
proxy_set_header X-Real-IP $remote_addr;
# Appends the peer address to any client-supplied X-Forwarded-For; the back end must not
# use the left-most value for access control or audit logging.
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# Tells the back end whether the client connection was http or https.
proxy_set_header X-Forwarded-Proto $scheme;
}
3、OpenSSL自签名证书
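# Map the domain name on the internal network (hosts file lives in this directory)
C:\Windows\System32\drivers\etc
192.168.0.116 www.blxcloud.com
# Install OpenSSL on Windows
https://slproweb.com/products/Win32OpenSSL.html
openssl version
# Self-signed certificate, step by step: private key -> CSR -> certificate.
# The key is written unencrypted; restrict read access to server.key to the account running nginx.
mkdir demo
openssl genpkey -algorithm RSA -out ./demo/server.key -pkeyopt rsa_keygen_bits:2048
openssl req -new -key ./demo/server.key -out ./demo/server.csr
# NOTE: this certificate carries no subjectAltName unless one is supplied explicitly;
# clients that match host names against SAN only will reject it. The one-step command
# below adds the SAN via -addext.
openssl x509 -req -days 365 -in ./demo/server.csr -signkey ./demo/server.key -out ./demo/server.crt
# A self-signed certificate has no issuing CA in the default trust store, so a bare
# "openssl verify" reports a self-signed error; name the certificate as its own trust anchor.
openssl verify -CAfile ./demo/server.crt ./demo/server.crt
# Generate the private key and the self-signed certificate in one step.
# -nodes leaves the private key unencrypted on disk; protect the file with filesystem permissions.
mkdir demo2
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout ./demo2/server.key -out ./demo2/server.crt -subj "/C=CN/ST=SC/L=CD/O=BLX/OU=KF/CN=www.blxcloud.com/emailAddress=55575@qq.com" -addext "subjectAltName=DNS:www.blxcloud.com"
openssl verify -CAfile ./demo2/server.crt ./demo2/server.crt
4、certbot免费证书(需要公网域名)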
# windows最新版下载地址
https://github.com/certbot/certbot/releases/download/v2.9.0/certbot-beta-installer-win_amd64_signed.exe
# 进入安装bin目录(CMD或powershell管理员方式运行)
certbot.exe --help
# 网页服务器目前没有在这台机器上运行(无邮箱注册)
certbot certonly --standalone --register-unsafely-without-email
# 网页服务器目前没有在这台机器上运行(-d域名\-m邮箱)
certbot certonly --standalone -d www.blxcloud.com,blxcloud.com -m 55575@qq.com
certbot certonly --standalone --register-unsafely-without-email -d www.blxcloud.com,blxcloud.com
# 网页服务器已经在用80端口,不想在Certbot运行时停止(无邮箱注册)
certbot certonly --webroot --register-unsafely-without-email
# 测试自动续期
certbot renew --dry-run
# 生成本地测试证书
certbot certonly --standalone --test-cert --register-unsafely-without-email
certbot certonly --standalone --test-cert --register-unsafely-without-email -d www.blxcloud.com,blxcloud.com5、Nginx证书配置
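# Create a "certificate" directory in the nginx root and place the certificate files there.
# The paths below are relative to the conf directory, hence "../certificate".
# Copy or rename the generated server.crt / server.key to match these names, or adjust the paths.
server {
    listen 443 ssl;
    server_name www.blxcloud.com;

    # ssl_certificate cert.pem;
    # ssl_certificate_key cert.key;
    ssl_certificate ../certificate/cert.crt;
    # The private key must be readable only by the account that runs nginx.
    ssl_certificate_key ../certificate/cert.key;

    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout 5m;

    # Set the protocol floor explicitly: older nginx releases enable TLSv1 and
    # TLSv1.1 by default when this directive is absent.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;

    location / {
        root html/dist;
        index index.html index.htm;
    }
}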