nginx 1.18配置ssl問題
阿新 • • 發佈:2020-08-10
把一個NETCORE網站部署到NGINX上,按微軟官方文件弄好了 https://docs.microsoft.com/zh-cn/aspnet/core/host-and-deploy/linux-nginx?view=aspnetcore-3.1
想配置SSL的HTTPS證書,騰訊雲上申請了免費的,之前在WIN+IIS 配置是成功的,按網上的弄好了,我的用的是寶塔的NGINX,可以在網頁上建立網站了改NGINX配置檔案就行了,
配置好後重啟NGINX了,結果不行的,搜尋一翻,原來是centos伺服器自帶的firewall防火牆的問題,https://www.jianshu.com/p/17b73ad6a4b8, xshel上執行以下命令就行了
firewall-cmd --zone=public --add-port=443/tcp --permanent 增加443埠
firewall-cmd --reload 重啟防火牆
或者直接就把防火牆停掉
systemctl stop firewalld
其他備註:
在xshell 裡登入LINUX伺服器後,輸入BT命令,可以檢視寶塔預設的安裝資訊
以下是我的nginx配置檔案:
server { listen 80; server_name tudi.niunan.net; location / { proxy_pass http://localhost:5000; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection keep-alive; proxy_set_header Host $host; proxy_cache_bypass $http_upgrade; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Real-IP $remote_addr; } } server { #SSL 訪問埠號為 443 listen 443 ssl; #填寫繫結證書的域名 server_name tudi.niunan.net; #證書檔名稱 ssl_certificate /www/server/nginx/conf/1_tudi.niunan.net_bundle.crt; #私鑰檔名稱 ssl_certificate_key /www/server/nginx/conf/2_tudi.niunan.net.key; ssl_session_timeout 5m; #請按照以下協議配置 ssl_protocols TLSv1 TLSv1.1 TLSv1.2; #請按照以下套件配置,配置加密套件,寫法遵循 openssl 標準。 ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE; ssl_prefer_server_ciphers on; location / { proxy_pass http://localhost:5000; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection keep-alive; proxy_set_header Host $host; proxy_cache_bypass $http_upgrade; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Real-IP $remote_addr; } }