Nginx Configure SSL certificate, allow SSL access

Official reference documentation, including the SSL configuration for Apache, Nginx, and IIS:

http://www.wosign.com/Docdownload/

Instance one, configure HTTP to forward to HTTPS, a virtual host has two servers, some content use * * instead

NGX01 (10.66.**.**), Ngx02 (10.66.**.**)
1, add the Sslkey folder in/etc/nginx, import the SSL certificate to the folder, refer to the attachment
2. Modify the virtual host
Upstream am***

{server 172.22.**.*:80; keepalive 100;}

server {
Listen 80;
server_name www.***-dmp.cn;
rewrite "^/(. *) $" https://www.***-dmp.cn/$1  Break ; #这里配置http转发到https

Proxy_headers_hash_max_size 51200;
Proxy_headers_hash_bucket_size 6400;

Location/

{# access_log/var/log/nginx/access_www.log; proxy_http_version 1.1; Proxy_set_header Connection ""; Proxy_set_header Host $host; Proxy_set_header X-real-ip $http _x_forwarded_for; Proxy_set_header X-forwarded-server $host; Proxy_set_header x-forwarded-for $http _x_forwarded_for; Proxy_set_header x-forwarded-for $proxy _add_x_forwarded_for; Proxy_pass http://amnet/; }

location/web/

{alias/opt/wwwroot/web/; # access_log/var/log/nginx/access_web.log;}

}

server {
Listen 443; #监听443端口
server_name www.***-dmp.cn;

SSL on; #打开ssl
Ssl_certificate SSLKEY/1__.***-DMP.CN_BUNDLE.CRT; #指定ssl的证书和key
Ssl_certificate_key Sslkey/2__.***-dmp.cn.key;

Proxy_headers_hash_max_size 51200;
Proxy_headers_hash_bucket_size 6400;

Location/

{# access_log/var/log/nginx/access_www.log; proxy_http_version 1.1; Proxy_set_header Connection ""; Proxy_set_header Host $host; Proxy_set_header X-real-ip $http _x_forwarded_for; Proxy_set_header X-forwarded-server $host; Proxy_set_header x-forwarded-for $http _x_forwarded_for; Proxy_set_header x-forwarded-for $proxy _add_x_forwarded_for; Proxy_pass http://amnet/; }

location/web/

{alias/opt/wwwroot/web/; # access_log/var/log/nginx/access_web.log;}

}

Instance two, HTTP and HTTPS can be used, do not jump, need to configure two virtual host, such as the original ***.conf virtual host configuration file, add a ***-https.conf virtual host configuration file, the contents are as follows:

NGX03 (10.66.**.**), Ngx04 (10.66.**.**)
1, add/etc/nginx folder in Sslkey, import SSL certificate into this folder, refer to Attachment
2, the original virtual host configuration file ***.conf, add the virtual host ***-https.conf, the content is as follows:
Server {
Listen 443;              #监听443端口

server_name cm.***-dmp.cn cm.***akidmp.com;
#打开ssl                       

Ssl_certificate SSLKEY/1__.***-DMP.CN_BUNDLE.CRT; #指定ssl的证书和key

Ssl_certificate_key Sslkey/2__.***-dmp.cn.key;

Location/favicon.ico

{access_log off; error_log/dev/null Crit;}

Location/index.html

{alias/var/www/index.html;}

Location/1_1.gif

{alias/var/www/1_1.gif;}

Proxy_headers_hash_max_size 51200;
Proxy_headers_hash_bucket_size 6400;

Location/

{proxy_http_version 1.1; Proxy_set_header Connection ""; Proxy_set_header Host $host; Proxy_set_header X-real-ip $remote _addr; Proxy_set_header X-forwarded-server $host; Proxy_set_header x-forwarded-for $http _x_forwarded_for; Proxy_set_header x-forwarded-for $proxy _add_x_forwarded_for; Proxy_pass http://aaccm/; }

Location/crossdomain.xml

{alias/usr/local/track/crossdomain.xml;}
}

In fact, example two in another way, in a virtual host Configuration Two server, one using 80 port HTTP, the other using 443 port HTTPS, but 80 do not forward it, that is, no:rewrite "^/(. *) $" HTTPS ://www.***-dmp.cn/$1 break ;

I guess this should also be possible, because my time and conditions are limited, there is no actual test, we have time to try again.

This article comes from "Plum blossom fragrance from bitter cold!" "Blog, be sure to keep this provenance http://daixuan.blog.51cto.com/5426657/1774945

Nginx Configure SSL certificate, allow SSL access