Nginx反向代理實現HTTPS網站

時間  2019-11-17
標籤 nginx 反向 代理 實現 https 網站 欄目 Nginx 简体版
原文   原文鏈接

一、環境設置php

此次是在windows環境下實現的,linux環境下步驟差很少html

openssl的windows版本python

下載地址: http://slproweb.com/products/Win32OpenSSL.html linux

Nginx的windows版本nginx

下載地址: http://nginx.org/en/download.html web

網站使用python的tornado框架windows

二、openssl建立證書session

 1 1.建立私鑰
 2 
 3   openssl genrsa -des3 -out lifes.key 1024 
 4    
 5   輸入密碼後,再次重複輸入確認密碼。記住此密碼,後面會用到。 
 6       
 7 
 8 2. 建立csr證書
 9 
10     openssl req -new -key lifes.key -out lifes.csr 
11 
12     bin文件夾內出現兩個文件:lifes.key、 lifes.csr
13 
14 3. 去除密碼 
15 
16     在加載SSL支持的Nginx並使用上述私鑰時除去必須的口令,不然會在啓動nginx的時候須要輸入密碼
17 
18     複製lifes.key並重命名爲lifes.key.org
19 
20     能夠使用此命令行,也能夠使用鼠標操做 copy lifes.key lifes.key.org
21 
22     去除口令,在命令行中執行此命令: openssl rsa -in lifes.key.org -out lifes.key
23 4. 生成crt證書
24 
25     openssl x509 -req -days 365 -in lifes.csr -signkey lifes.key -out lifes.crt
證書建立步驟

三、搭建webappapp

 1 #-*-coding:utf-8-*-
 2 
 3 import os.path
 4 
 5 import tornado.httpserver
 6 import tornado.ioloop
 7 import tornado.options
 8 import tornado.web
 9 
10 from tornado.options import define, options
11 define("port", default=8000, help="run on the given port", type=int)
12 
13 class IndexHandler(tornado.web.RequestHandler):
14     def get(self):
15         ip = self.request.remote_ip
16         print(ip)
17         self.render("test.html")
18 
19 class UserHandler(tornado.web.RequestHandler):
20     def post(self):
21         user_name = self.get_argument("username")
22         user_email = self.get_argument("email")
23         user_website = self.get_argument("website")
24         user_language = self.get_argument("language")
25         self.render("user.html",username=user_name,email=user_email,website=user_website,language=user_language)
26 
27 handlers = [
28     (r"/", IndexHandler),
29     (r"/user", UserHandler)
30 ]
31 
32 template_path = os.path.join(os.path.dirname(__file__),"template")
33 
34 if __name__ == "__main__":
35     tornado.options.parse_command_line()
36     app = tornado.web.Application(handlers, template_path)
37     http_server = tornado.httpserver.HTTPServer(app)
38     http_server.listen(options.port)
39     tornado.ioloop.IOLoop.instance().start()
tornado搭建app

四、配置nginx.conf框架

  1 #user  nobody;
  2 worker_processes  1;
  3 
  4 #error_log  logs/error.log;
  5 #error_log  logs/error.log  notice;
  6 #error_log  logs/error.log  info;
  7 
  8 #pid        logs/nginx.pid;
  9 
 10 
 11 events {
 12     worker_connections  1024;
 13 }
 14 
 15 
 16 http {
 17     include       mime.types;
 18     default_type  application/octet-stream;
 19 
 20     #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
 21     #                  '$status $body_bytes_sent "$http_referer" '
 22     #                  '"$http_user_agent" "$http_x_forwarded_for"';
 23 
 24     #access_log  logs/access.log  main;
 25 
 26     sendfile        on;
 27     #tcp_nopush     on;
 28 
 29     #keepalive_timeout  0;
 30     keepalive_timeout  65;
 31 
 32     #gzip  on;
 33 
 34     server {
 35         listen       80;
 36         server_name  localhost;
 37 
 38         #charset koi8-r;
 39 
 40         #access_log  logs/host.access.log  main;
 41         
 42 
 43         location / {
 44             root   html;
 45             index  index.html index.htm;
 46         }
 47 
 48         #error_page  404              /404.html;
 49 
 50         # redirect server error pages to the static page /50x.html
 51         #
 52         error_page   500 502 503 504  /50x.html;
 53         location = /50x.html {
 54             root   html;
 55         }
 56 
 57         # proxy the PHP scripts to Apache listening on 127.0.0.1:80
 58         #
 59         #location ~ \.php$ {
 60         #    proxy_pass   http://127.0.0.1;
 61         #}
 62 
 63         # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
 64         #
 65         #location ~ \.php$ {
 66         #    root           html;
 67         #    fastcgi_pass   127.0.0.1:9000;
 68         #    fastcgi_index  index.php;
 69         #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
 70         #    include        fastcgi_params;
 71         #}
 72 
 73         # deny access to .htaccess files, if Apache's document root
 74         # concurs with nginx's one
 75         #
 76         #location ~ /\.ht {
 77         #    deny  all;
 78         #}
 79     }
 80 
 81 
 82     # another virtual host using mix of IP-, name-, and port-based configuration
 83     #
 84     #server {
 85     #    listen       8000;
 86     #    listen       somename:8080;
 87     #    server_name  somename  alias  another.alias;
 88 
 89     #    location / {
 90     #        root   html;
 91     #        index  index.html index.htm;
 92     #    }
 93     #}
 94     
 95 
 96     # HTTPS server
 97     #
 98     server {
 99         listen 8088 default_server;
100         listen [::]:8066 ipv6only=on;
101         listen [::]:443 ssl;
102         listen       443 ssl;
103         
104         server_name  localhost;
105         server_name  www.web1.com;
106         
107         ssl_certificate      C:\Users\Administrator\Desktop\openssl-0.9.8k_WIN32\bin\lifes.crt;
108         ssl_certificate_key  C:\Users\Administrator\Desktop\openssl-0.9.8k_WIN32\bin\lifes.key;
109 
110         ssl_session_cache    shared:SSL:1m;
111         ssl_session_timeout  5m;
112 
113         ssl_ciphers  HIGH:!aNULL:!MD5;
114         ssl_prefer_server_ciphers  on;
115 
116         location / {
117             proxy_pass   http://web1;
118         }
119     }
120     upstream web1{
121         server 127.0.0.1:8000;   #SA Server1
122     }
123     
124 }
nginx-1.15.1\conf\nginx.conf

再nginx目錄下

啓動服務 start nginx

從新加載 nginx -s reload

查看服務是否正常 nginx -t

五、能正常訪問HTTPS站點

 https://www.web1.com

參考文章: https://blog.csdn.net/leedaning/article/details/71125559

相關文章
相關標籤/搜索
每日一句
    每一个你不满意的现在,都有一个你没有努力的曾经。
本站公眾號
   歡迎關注本站公眾號,獲取更多信息
聯繫我們 最近搜索 最新文章 沪ICP备13005482号-10 MyBatis教程 SQL 教程 MySQL教程 Java 教程 Thymeleaf 教程 Hibernate教程 Spring教程 Redis教程