nginx;HTTP=>HTTPS + 与后台对接接口(nginx; HTTP = > HTTPS + background docking interface)

零 背景

最近在做一个音视频会议网站,因为要调用摄像头,所以要把http转成https,所以用了nginx,这里记录下

一。http转https

server{
    listen 8221 ;
    server_name localhost;

    ssl on;

    ssl_certificate key/server.crt;     # 这里是服务端的证书路径
    ssl_certificate_key key/server.key; # 这里是秘钥路径
    
    ssl_session_timeout 5m;
    ssl_session_cache shared:SSL:10m;
    ssl_protocols SSLv3 SSLv2 TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
    ssl_prefer_server_ciphers on;
    ssl_verify_client off;

    location / {
  
        proxy_redirect off;
    
        proxy_pass http://localhost:5500;
  
        # proxy_ignore_headers X-Accel-Expires Expires Cache-Control Set-Cookie; 
        proxy_set_header Host $host;
        proxy_set_header X-Real_IP $remote_addr;
        proxy_set_header X-Forwarded-For $remote_addr:$remote_port;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;   # 升级协议头
        proxy_set_header Connection upgrade;
    }

}

二 https与后台接口链接

location /devApi/interface/ {
 proxy_pass https://172.22.1.190:8888/interface/;
 # proxy_set_header: Host  $host;
}

三 完整版


#user  nobody;
worker_processes  1;

events {
    worker_connections  1024;
}


http {
    include       mime.types;
    default_type  application/octet-stream;

    sendfile        on;
    keepalive_timeout  65;



server{
    listen 8221 ;
    server_name localhost;

    ssl on;

    ssl_certificate key/server.crt;     # 这里是服务端的证书路径
    ssl_certificate_key key/server.key; # 这里是秘钥路径
    
    ssl_session_timeout 5m;
    ssl_session_cache shared:SSL:10m;
    ssl_protocols SSLv3 SSLv2 TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
    ssl_prefer_server_ciphers on;
    ssl_verify_client off;

    location / {
  
        proxy_redirect off;
    
        proxy_pass http://localhost:5500;
  
        # proxy_ignore_headers X-Accel-Expires Expires Cache-Control Set-Cookie; 
        proxy_set_header Host $host;
        proxy_set_header X-Real_IP $remote_addr;
        proxy_set_header X-Forwarded-For $remote_addr:$remote_port;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;   # 升级协议头
        proxy_set_header Connection upgrade;
    }

    location /devApi/interface/ {
      proxy_pass https://172.22.1.190:8888/interface/;
      # proxy_set_header: Host  $host;
    }

}

}


————————

Zero background

Recently, I’m working on an audio and video conference website. Because I want to call the camera, I need to convert HTTP to HTTPS, so nginx is used. Here’s a record

一。http转https

server{
    listen 8221 ;
    server_name localhost;

    ssl on;

    ssl_certificate key/server.crt;     # 这里是服务端的证书路径
    ssl_certificate_key key/server.key; # 这里是秘钥路径
    
    ssl_session_timeout 5m;
    ssl_session_cache shared:SSL:10m;
    ssl_protocols SSLv3 SSLv2 TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
    ssl_prefer_server_ciphers on;
    ssl_verify_client off;

    location / {
  
        proxy_redirect off;
    
        proxy_pass http://localhost:5500;
  
        # proxy_ignore_headers X-Accel-Expires Expires Cache-Control Set-Cookie; 
        proxy_set_header Host $host;
        proxy_set_header X-Real_IP $remote_addr;
        proxy_set_header X-Forwarded-For $remote_addr:$remote_port;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;   # 升级协议头
        proxy_set_header Connection upgrade;
    }

}

II. Link between HTTPS and background interface

location /devApi/interface/ {
 proxy_pass https://172.22.1.190:8888/interface/;
 # proxy_set_header: Host  $host;
}

III. full version


#user  nobody;
worker_processes  1;

events {
    worker_connections  1024;
}


http {
    include       mime.types;
    default_type  application/octet-stream;

    sendfile        on;
    keepalive_timeout  65;



server{
    listen 8221 ;
    server_name localhost;

    ssl on;

    ssl_certificate key/server.crt;     # 这里是服务端的证书路径
    ssl_certificate_key key/server.key; # 这里是秘钥路径
    
    ssl_session_timeout 5m;
    ssl_session_cache shared:SSL:10m;
    ssl_protocols SSLv3 SSLv2 TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
    ssl_prefer_server_ciphers on;
    ssl_verify_client off;

    location / {
  
        proxy_redirect off;
    
        proxy_pass http://localhost:5500;
  
        # proxy_ignore_headers X-Accel-Expires Expires Cache-Control Set-Cookie; 
        proxy_set_header Host $host;
        proxy_set_header X-Real_IP $remote_addr;
        proxy_set_header X-Forwarded-For $remote_addr:$remote_port;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;   # 升级协议头
        proxy_set_header Connection upgrade;
    }

    location /devApi/interface/ {
      proxy_pass https://172.22.1.190:8888/interface/;
      # proxy_set_header: Host  $host;
    }

}

}