文章详细描述了如何在Nginx配置文件中设置SSL监听、SSL缓存和跨域访问控制,同时提到如何在Apache中修改默认端口以避免与Nginx冲突,并提供了重启服务的命令。
进入nginx.conf
# vim /etc/nginx/nginx.conf
配置为下面内容
events {
# 配置项,例如 worker_processes 和 worker_connections
}
http {
# 其他 http 配置项...
server {
listen 80;
server_name faq.example.com;
return 301 https://faq.example.com$request_uri;
}
server {
listen 443 ssl;
server_name faq.example.com;
ssl on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
ssl_certificate /etc/nginx/ssl/faq.pem; # 证书路径
ssl_certificate_key /etc/nginx/ssl/faq.key; # 请求认证 key 的路径
location / {
# 允许跨域请求的“域”
add_header 'Access-Control-Allow-Origin' $http_origin;
# 允许客户端提交 Cookie
add_header 'Access-Control-Allow-Credentials' 'true';
# 允许客户端的请求方法
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, DELETE, PUT';
# 允许客户端提交的请求头
add_header 'Access-Control-Allow-Headers' 'Origin, x-requested-with, Content-Type, Accept, Authorization';
# 允许客户端访问的响应头
add_header 'Access-Control-Expose-Headers' 'Cache-Control, Content-Language, Content-Type, Expires, Last-Modified, Pragma';
# 处理预检请求
if ($request_method = 'OPTIONS') {
# 预检请求缓存时间
add_header 'Access-Control-Max-Age' 1728000;
add_header 'Content-Type' 'text/plain; charset=utf-8';
add_header 'Content-Length' 0;
return 204;
}
proxy_pass http://192.168.100.100:8080; # 注意这里修改为 8080 端口
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_connect_timeout 600;
proxy_read_timeout 600;
}
}
}
Apache需要修改端口号,不然会和nginx的端口号冲突,ubuntu 的apache端口号在conf中修改并不生效,需要修改/etc/apache2/ports.conf
#vim /etc/apache2/ports.conf
Listen 8080
<IfModule ssl_module>
Listen 8443
</IfModule>
<IfModule mod_gnutls.c>
Listen 8443
</IfModule>
重启apache
# systemctl restart apache2
启动nginx
# systemctl start nginx
扫一扫
787
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
