一、获取https证书,以阿里云为例
1.进入域名解析,添加一个域名,详细过程略
2.购买免费版ssl证书,购买完之后,填写域名信息
3.待审核通过,下载ssl证书
二、linux 部署
1. 新建一个文件夹,放上面下载后的压缩包,并解压,解压后为两个文件key和pem
2.修改linux配置文件,并重启
server{
#listen 80;
#需替换
server_name XXX.com;
listen 443 ssl;
ssl on;
#public key
#需替换
ssl_certificate /webapp/cert/business/XXX.com.pem;
#private key
#需替换
ssl_certificate_key /webapp/cert/business/XXX.com.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
ssl_prefer_server_ciphers on;
#wap
location / {
if ($http_user_agent = ""){
return 403;
}
if ($http_user_agent = "-"){
return 403;
}
trim on;
trim_js on;
trim_css on;
#需替换
proxy_pass http://XXX:8192;
proxy_buffering on;
index index.jsp index.htm index.html ;
proxy_redirect default ;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
add_header Content-Type "application/json;charset=utf-8";
client_max_body_size 70m;
}
}
重启!完毕!