dev环境 http强制跳转https
server{
listen 80;
server_name wltx.12355.net;
rewrite ^/(.*)$ https://wltx.123.net:443/$1 permanent;
}
server {
listen 443 ssl;
server_name localhost wltx.123.net;
ssl_certificate /opt/nginxssl/12355net.pem;#ssl证书,把ssl证书放cert目录下,cert在nginx的conf目录下
ssl_certificate_key /opt/nginxssl/1445net.key;#ssl证书key
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
gzip on;
gzip_min_length 1k;
gzip_buffers 4 16k;
gzip_types text/plain text/css application/x-javascript text/xml application/javascript application/json application/xml application/html;
gzip_static on;
gzip_vary on;
1.
#强制使用https跳转
return 301 https://$server_name$request_uri;
rewrite ^(.*)$ https://${server_name}$1 permanent;
2.
使用setcap
在root用户下执行命令:
#setcap cap_net_bind_service=+eip ./nginx
用一个例子来演示会更加清晰