nginx配置http转https:springboot项目

软件安装 小海豚博客管理员 2020-03-23 20:13:40.0 63 0条

想:http://访问自动跳转https://,/项目名字/,进行springboot项目转发,其它,访问静态资源

获取密钥及证书

  1. openssl req -new -nodes -newkey rsa:2048 -keyout server.key -out server.csr
  2. openssl req -new -x509 -key server.key -out ca.crt -days 3650
  3. openssl x509 -req -days 3650 -in server.csr -CA ca.crt -CAkey server.key -CAcreateserial -out server.crt

server.key 私钥
server.csr Certificate Signing Request 证书签名请求
server.crt CA签名后的最终证书

注意:也可以在阿里云上申请,可以看这篇文章:申请阿里云免费的HTTPS证书和SpringBoot配置HTTPS与HTTP重定向成HTTPS

配置nginx.config

首先将私钥server.key和证书server.crt复制到/usr/local/nginx/ssl目录下

  1. server {
  2. listen 80;
  3. server_name localhost;
  4. rewrite ^(.*)$ https://$host$1 permanent;
  5. }
  6. server {
  7. listen 443;
  8. server_name localhost;
  9. ssl on;
  10. ssl_certificate /usr/local/nginx/ssl/server.crt;
  11. ssl_certificate_key /usr/local/nginx/ssl/domain.key;
  12. ssl_session_timeout 5m;
  13. ssl_protocols TLSv1;
  14. ssl_ciphers HIGH:!aNULL:!MD5;
  15. ssl_prefer_server_ciphers on;
  16. location / {
  17. root /home/lv/html;
  18. autoindex on; # 开启目录文件列表
  19. autoindex_exact_size off; # 显示出文件的确切大小,单位是bytes
  20. autoindex_localtime on; # 显示的文件时间为文件的服务器时间
  21. charset utf-8,gbk; # 避免中文乱码
  22. }
  23. location /demo/ {
  24. client_max_body_size 16m;
  25. client_body_buffer_size 128k;
  26. proxy_pass http://localhost:8080/;
  27. proxy_set_header Host $host;
  28. proxy_set_header X-Real-IP $remote_addr;
  29. proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  30. proxy_set_header X-Forwarded-Proto $scheme;
  31. proxy_set_header X-Forwarded-Port $server_port;
  32. proxy_next_upstream off;
  33. proxy_connect_timeout 30;
  34. proxy_read_timeout 300;
  35. proxy_send_timeout 300;
  36. }

springboot 配置

  1. server.tomcat.remote_ip_header=x-forwarded-for
  2. server.tomcat.protocol_header=x-forwarded-proto
  3. server.tomcat.port-header=X-Forwarded-Port
  4. server.use-forward-headers=true

设置服务器端口

  1. server.port=8080

注意点:nginx配置proxy_pass的端口号8080要和springboot服务器端口号对应上

暗锚,解决锚点偏移

文章评论

嘿,来试试登录吧!