Nginx HTTPS 证书配置实践指南

为了便于日后查阅和维护，我们对Nginx配置HTTPS证书的过程进行了详细记录。

证书配置说明

在本次项目中，我们采用了阿里云提供的Nginx HTTPS证书解决方案。以下将详细介绍测试环境中的Nginx证书配置方法。

证书文件路径

ssl_certificate：CA证书路径，需根据实际部署环境填写相应路径。

ssl_certificate_key：私钥文件路径，填写相应的密钥文件路径。

Nginx 证书配置示例

以下是Nginx配置文件中的相关代码示例：

server {    listen 443 ssl;    server_name next2.galanz.com.cn;    ssl_certificate      /usr/local/nginx/conf/certs/next1.galanz.com.cn.pem;    ssl_certificate_key  /usr/local/nginx/conf/certs/next1.galanz.com.cn.key;    ssl_session_cache   shared:SSL:1m;    ssl_session_timeout 5m;    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;    ssl_prefer_server_ciphers on;    underscores_in_headers on;    proxy_set_header Host $host;    proxy_set_header X-Real-IP $remote_addr;    proxy_set_header REMOTE-HOST $remote_addr;    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;    proxy_set_header X-Forwarded-Proto $scheme;    location ^~ /admin/ {        proxy_pass http://admin/;    }    location ^~ /app/ {        proxy_pass http://app/;    }    location ^~ /device/ {        proxy_pass http://device/;    }    location /mqtt {        proxy_pass http://172.18.123.139:8083/mqtt;        proxy_set_header Host $host;        proxy_set_header X-Real-IP $remote_addr;        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;        #client_max_body_size 35m;        proxy_http_version 1.1;        proxy_set_header Upgrade $http_upgrade;        proxy_set_header Connection "upgrade";    }    location / {        root   html/dist;        try_files $uri /index.html;        index  index.html index.htm;    }}