nginx 的 https 协议是需要 SSL 模块支持的。
如果没有 SSL 模块, 需要重新编译, 然后替换当前的 nginx。
$ ./sbin/nginx -V
nginx version: nginx/1.18.0
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-44) (GCC)
built with OpenSSL 1.0.2k-fips 26 Jan 2017
TLS SNI support enabled
configure arguments: --prefix=/app/nginx/ --with-http_ssl_module省略了证书相关步骤
server {
listen 80;
server_name raomin.com;
rewrite ^(.*) https://$server_name$1 permanent;
}
server {
listen 443;
server_name raomin.com;
# 配置你的 ssl
ssl on;
ssl_certificate key/server.crt;
ssl_certificate_key key/server.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
# ssl_ciphers HIGH:!aNULL:!MD5;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
ssl_prefer_server_ciphers on;
location / {
proxy_redirect ~(.*)http://(.*) $1https://$2;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Request-Id $request_id;
proxy_pass https://xxxxx; # 你的服务
}
}重启 nginx 即可
$ ./sbin/nginx -s reload