企业🤖AI智能体构建引擎,智能编排和调试,一键部署,支持知识库和私有化部署方案 广告
### 前言 > 设置这个是比较好用的。代理的话,最好是以跑 https 做测试。如果想弄个免费的证书的话,点击我 ### 证书上传 > 上传直接可以通过 finalShell 工具,证书放在:/etc/ssl/certs/证书名.pem; ### 配置http重定向https > 进入到 ``` cd /usr/local/nginx/conf/ ``` > 编辑 ``` vi nginx.conf ``` > 找到 server 是 80的。加上重定向到https上面 ``` # 省略代码块 server { listen 80; server_name localhost; #charset koi8-r; #access_log logs/host.access.log main; rewrite ^(.*)$ https://$host$1 permanent; #用于将http页面重定向到https页面 location / { root html; index index.html index.htm; } # 省略代码块 ``` > 加上了后,在找到注释的:# HTTPS server 。将下面的一段话http的注释打开,然后更改ssl地址 ``` # 省略代码块 。找到 HTTPS server注释,下面全部打开 # HTTPS server server { listen 443 ssl; server_name localhost; ssl_certificate /etc/ssl/certs/4489861_www.lolku.cn.pem; ssl_certificate_key /etc/ssl/certs/4489861_www.lolku.cn.key; ssl_session_cache shared:SSL:1m; ssl_session_timeout 5m; ssl_ciphers HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on; location / { root html; index index.html index.htm; } } ``` ### 重新启动配置 > 重启后,就可以在页面上跑了。 ``` /usr/local/nginx/sbin/nginx -s reload ``` ### 二级域名https代理 > 前面只是讲解当前一级域名https的请求。根据http二级域名经验,进行制作二级https二级域名。都是一样的,只要后面新增一个新的,然后再代理上新的就好了(注意:一定是在第一个server的后面新增server)。比如: ``` worker_processes 1; events { worker_connections 1024; } http { include mime.types; default_type application/octet-stream; sendfile on; keepalive_timeout 65; server { listen 80; server_name localhost; rewrite ^(.*)$ https://$host$1 permanent; #用于将http页面重定向到https页面 location / { root html; index index.html index.htm; } error_page 500 502 503 504 /50x.html; location = /50x.html { root html; } } # 只能在后面新增,不能放在前面 server { listen 80; # 端口 server_name api.xxxx.cn; # 域名 rewrite ^(.*)$ https://$host$1 permanent; #用于将http页面重定向到https页面 location / { proxy_pass http://localhost:3000; # 代理的地方 proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection 'upgrade'; proxy_set_header Host $host; proxy_cache_bypass $http_upgrade; } } # # HTTPS server # # server { listen 443 ssl; server_name localhost; ssl_certificate /etc/ssl/certs/xxxxx.pem; ssl_certificate_key /etc/ssl/certs/xxxxx.key; ssl_session_cache shared:SSL:1m; ssl_session_timeout 5m; ssl_ciphers HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on; location / { root html; index index.html index.htm; } } # 只能在后面新增,不能放在前面 server { listen 443 ssl; server_name api.xxx.cn; ssl_certificate /etc/ssl/certs/xxxxxx.pem; ssl_certificate_key /etc/ssl/certs/xxxxxx.key; ssl_session_cache shared:SSL:1m; ssl_session_timeout 5m; ssl_ciphers HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on; location / { proxy_pass http://localhost:3000; # 代理的地方 proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection 'upgrade'; proxy_set_header Host $host; proxy_cache_bypass $http_upgrade; } } } ``` ### 访问 > 访问 http://xxx.cn 是可以的,然后api.xxx.cn 会报危险警告,原因在于代理的 proxy_pass http://localhost:3000; 这个地址是 http 不是https,所以有问题。解决方案:http://locakhost:3000 换成 https://locakhost:3000 或者改成 https://xxx.cn:3000 ### 重启下配置 > 注意:每次更改下配置都得重新启动下 ``` /usr/local/nginx/sbin/nginx -s reload ```