0
点赞
收藏
分享

微信扫一扫

nginx反向代理 强制https请求 + 非root用户起80,443端口

dev环境 http强制跳转https

    server{
        listen 80;
        server_name wltx.12355.net;
        rewrite ^/(.*)$ https://wltx.123.net:443/$1 permanent;
    }

    server {
        listen       443 ssl;
        
        server_name  localhost wltx.123.net;
        ssl_certificate   /opt/nginxssl/12355net.pem;#ssl证书,把ssl证书放cert目录下,cert在nginx的conf目录下
        ssl_certificate_key  /opt/nginxssl/1445net.key;#ssl证书key
        ssl_session_timeout 5m;
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers on;

    gzip on;
    gzip_min_length 1k;
    gzip_buffers 4 16k;
    gzip_types  text/plain  text/css application/x-javascript text/xml application/javascript application/json application/xml application/html;
    gzip_static on;
        gzip_vary on;

 

1.

#强制使用https跳转

return 301    https://$server_name$request_uri;
rewrite ^(.*)$ https://${server_name}$1 permanent;

2.

使用setcap

在root用户下执行命令:

#setcap cap_net_bind_service=+eip ./nginx

 

用一个例子来演示会更加清晰



举报

相关推荐

0 条评论