1 安装 Nginx
yum install gcc pcre-devel openssl-devel -y && \
cd /opt && \
wget http://nginx.org/download/nginx-1.20.2.tar.gz && \
tar -zxvf nginx-1.20.2.tar.gz && \
cd nginx-1.20.2 && \
./configure --prefix=/opt/nginx --with-http_stub_status_module --with-http_ssl_module --with-http_realip_module --with-stream && \
make && make install
2 修改 Nginx 配置
备份配置文件:
cp /opt/nginx/conf/nginx.conf /opt/nginx/conf/nginx.conf.bak
将下列 server 加入 nginx.conf:
vim nginx.conf
server { #强制跳转 https
listen 80;
#修改为实际环境的域名
server_name bi.ipsunshine.net;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl;
#修改为实际环境的域名
server_name <域名>;
#修改为实际证书
ssl_certificate dataease.top_bundle.crt;
ssl_certificate_key dataease.top.key;
ssl_session_timeout 1d;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
ssl_prefer_server_ciphers on;
location / {
#将IP和端口改为DataEase服务器的访问地址和端口
proxy_pass http://172.31.0.48:9876/;
server_name_in_redirect off;
# websocket 代理
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_redirect http:// https://;
proxy_set_header Host $host:$server_port;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
3 启动 Nginx 并验证
启动 Nginx:
/opt/nginx/sbin/nginx
检查端口:
ss -an|grep 443
tcp LISTEN 0 128 *:443 *:*
在浏览器通过 https 方式访问 Nginx 服务器,会跳转到 DataEase 的页面:
https://域名或IP
