服务器上仍然使用nginx进行代理
1.为二级域名申请ssl证书,如blog.yourdomain.com,见前文。
2.在域名解析服务中,为二级域名添加解析记录
3.nginx默认读取/etc/nginx/conf.d/*.conf
在conf.d下建立二级域名对应的配置文件如vi blog.conf
upstream ech{server ip:port; #此处最好指定内网ip}server{ ???????listen 80; ???????server_name ech.domain.cn; #此处指定子域名访问 ???????location / { ????????????proxy_pass http://ech; ???????}}这样,一个简单的http二级域名就实现了,但是由于在nginx中,对所有http服务都做了重定向至https,所以需要在配置https的配置文件。
4.配置完成如下:
upstream blog{server 10.139.xxx.xxx:8090; ?#此处指定的云服务器内网ip}server{ ???????listen ??????80; ???????rewrite ^(.*)$ ?https://$host$1 permanent; ???????location / { ????????????#proxy_pass http://blog; ???????}}server{ ???????listen ??????443 ssl http2 ; ???????server_name blog.yourdomain.cn; #此处指定子域名访问 ???????ssl_certificate "/home/ssl/keys/blog.yourdomain.cn/1_blog.yourdomain.cn_bundle.crt"; ???????ssl_certificate_key "/home/ssl/keys/blog.yourdomain.cn/2_blog.yourdomain.cn.key"; ???????ssl_session_cache shared:SSL:1m; ???????ssl_session_timeout ?10m; ???????ssl_ciphers HIGH:!aNULL:!MD5; ???????ssl_prefer_server_ciphers on; ???????location / { ????????????tcp_nodelay on; ????????????proxy_set_header Host $host; ????????????proxy_set_header X-Real-IP $remote_addr; ????????????proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; ????????????proxy_pass http://10.139.xxx.xxx:8090; ???????}}为二级域名注册ssl证书,并强制使用https对http进行跳转
原文地址:https://www.cnblogs.com/huanghongbo/p/10113173.html