https實現三種方式
阿新 • • 發佈:2022-03-17
https實現三種方式
1.單個ECS/nginx配置https
單個ECS,新增域名證書【公網/私有】,並新增跳轉https
server { listen 80; server_name www.weirui.com; return 302 https://$server_name$request_uri; } server { listen 443 ssl; server_name www.weirui.com; ssl_certificate key; ssl_certificate_key server.key; location/ { index index.php; } }
2.SLB+ECS
user 》 https 》 SLB > http > web_cluster user 》 https 》 SLB > https > web_cluster #負載均衡 upstream web_cluster { server xx:80; server xx:80; } server { listen 80; server_name www.weirui.com; return302 https://$server_name$request_uri; } server { listen 443 ssl; server_name www.weirui.com; ssl_certificate key; ssl_certificate_key server.key; location / { proxy_pass http://web_cluster; proxy_set_Header Host $http_host; } } #web_cluster server { listen80; server_name www.weirui.com; return 302 https://$server_name$request_uri; } server { listen 443 ssl; server_name www.weirui.com; ssl_certificate key; ssl_certificate_key server.key; location / { index index.php; } }
3.CDN+SLB+ECS
1.公網證書 2.需要SLB新增證書,將SLB的80埠刪除 3.為SLB配置基於HTTPS的訪問 4.將SLB的HTTP轉到HTTPS 5.上傳CDN的HTTPS 注: 若前端是https後端是http,那麼需要在後端配置允許支援https。 #vi /etc/nginx/nginx.conf server { ... location ~ \.php { fastcgi_pass 127.0.0.1:9000; fastcgi_param SCRIPT_FILENAME $doucument_root$fastcgi_script_name; include fastcgi_param; fastcgi_param HTTPS on; } }
配置校驗
#nginx -t #nginx -s reload 或 #systemctl daemon-reload #systemctl restart nginx