【Kubesphere 】Kubesphere Nginx部署SSL证书 https_kubesphere 挂载nginx ssl证书-CSDN博客

本文链接：https://blog.csdn.net/qq_31776219/article/details/128265490

本文介绍如何配置阿里云提供的免费SSL证书，并展示了Nginx配置示例，包括HTTP到HTTPS的重定向设置及文件上传下载优化。

摘要生成于 C知道，由 DeepSeek-R1 满血版支持，前往体验 >

我们使用阿里云的免费证书，可以参考如下文档进行配置
https://help.aliyun.com/document_detail/98728.html?spm=0.2020520163.help.dexternal.2e12fJwsfJwsAj

在ks挂载这边，把html和配置挂出来
如下图所示
在这里插入图片描述

证书直接放在ks的默认存储里
在这里插入图片描述

server {
    listen       80;
    listen  [::]:80;
    server_name  localhost;

    #charset koi8-r;
    #access_log  /var/log/nginx/host.access.log  main;

    location / {
        root   /usr/share/nginx/html;
        index  index.html index.htm;
    }
	
    location /XXXX{
        proxy_pass   http://yc-XXXXXX.yckj-bid:8880/renren-fast;
     }
	   
    #error_page  404              /404.html;

    # redirect server error pages to the static page /50x.html
    #
    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/share/nginx/html;
    }

    # proxy the PHP scripts to Apache listening on 127.0.0.1:80
    #
    #location ~ \.php$ {
    #    proxy_pass   http://127.0.0.1;
    #}

    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
    #
    #location ~ \.php$ {
    #    root           html;
    #    fastcgi_pass   127.0.0.1:9000;
    #    fastcgi_index  index.php;
    #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
    #    include        fastcgi_params;
    #}

    # deny access to .htaccess files, if Apache's document root
    # concurs with nginx's one
    #
    #location ~ /\.ht {
    #    deny  all;
    #}
    
}
    server {
    listen 443 ssl;
    #配置HTTPS的默认访问端口为443。
    #如果未在此处配置HTTPS的默认访问端口，可能会造成Nginx无法启动。
    #如果您使用Nginx 1.15.0及以上版本，请使用listen 443 ssl代替listen 443和ssl on。
    server_name XX.XX.info; #需要将yourdomain.com替换成证书绑定的域名。
    root html;
    index index.html index.htm;
    ssl_certificate /usr/share/nginx/html/cert/8684523_XX.XX.info.pem;  #需要将cert-file-name.pem替换成已上传的证书文件的名称。
    ssl_certificate_key /usr/share/nginx/html/cert/8684523_XX.XX.info.key; #需要将cert-file-name.key替换成已上传的证书私钥文件的名称。
    ssl_session_timeout 5m;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    #表示使用的加密套件的类型。
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2; #表示使用的TLS协议的类型。
    ssl_prefer_server_ciphers on;
      location / {
        root   /usr/share/nginx/html;
        index  index.html index.htm;
    }
	
    location /bid {
        proxy_pass   http://yc.yckj-bid:8880/renren-fast;
     }
}

这里使用ks官方的Nginx镜像，如果涉及文件上传下载：
还要改下nginx.conf，不然大文件上传会报错的，以后直接拿着个去用就行


user  nginx;
worker_processes  auto;

error_log  /var/log/nginx/error.log warn;
pid        /var/run/nginx.pid;


events {
    worker_connections  1024;
}


http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    keepalive_timeout  65;

  gzip  on;
    gzip_min_length 1k;
    gzip_buffers 4 16k;
    gzip_http_version 1.0;
    gzip_comp_level 3;
    gzip_types text/plain application/javascript application/css  text/css application/xml text/javascript application/x-httpd-php image/jpeg image/gif image/png;
    gzip_vary off;
    gzip_disable "MSIE [1-6]\.";
    client_max_body_size 200m;
    proxy_connect_timeout 300s;
    proxy_send_timeout 300s;
    proxy_read_timeout 300s;

    include /etc/nginx/conf.d/*.conf;
}