icon
Update time
Jul 21, 2022 02:41 AM
Internal status
Waiting update
password
Nginx配置ssl
- 腾讯云申请证书
- 阿里云域名解析验证证书
- 安装证书
- 下载证书
- 上传配置证书
#将本地的jenkins.jimersylee.com.zip上传至jimersylee.com这个机子上的/data/ssl_cert目录scp jenkins.jimersylee.com.zip root@jimersylee.com:/data/ssl_cert #登录主机解压文件 ssh root@jimersylee.com cd /data/ssl_cert unzip jenkins.jimersylee.com.zip #各种web服务器的证书就解压完成了,然后去配置Nginx [root@VM_77_132_centos ssl_cert]# tree . ├── Apache │ ├── 1_root_bundle.crt │ ├── 2_blog.jimersylee.com.crt │ ├── 2_jenkins.jimersylee.com.crt │ ├── 2_jimersylee.com.crt │ ├── 3_blog.jimersylee.com.key │ ├── 3_jenkins.jimersylee.com.key │ └── 3_jimersylee.com.key ├── blog.jimersylee.com.cert.zip ├── IIS │ ├── blog.jimersylee.com.pfx │ ├── jenkins.jimersylee.com.pfx │ ├── jimersylee.com.pfx │ └── keystorePass.txt ├── jenkins.jimersylee.com.zip ├── jimersylee.com.cert.zip ├── Nginx │ ├── 1_blog.jimersylee.com_bundle.crt │ ├── 1_jenkins.jimersylee.com_bundle.crt │ ├── 1_jimersylee.com_bundle.crt │ ├── 2_blog.jimersylee.com.key │ ├── 2_jenkins.jimersylee.com.key │ └── 2_jimersylee.com.key └── Tomcat ├── jenkins.jimersylee.com.jks └── keystorePass.txt
- nginx配置
#创建配置文件vim /etc/nginx/conf.d/jenkins.conf
写入以下内容
配置443端口
server { listen 443; server_name jenkins.jimersylee.com; ssl on; ssl_certificate /data/ssl_cert/Nginx/1_jenkins.jimersylee.com_bundle.crt; ssl_certificate_key /data/ssl_cert/Nginx/2_jenkins.jimersylee.com.key; ssl_session_timeout 5m; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; #按照这个协议配置 ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;#按照这个套件配置 ssl_prefer_server_ciphers on; root /data/java_app/tomcat9/webapps;
indexindex.htmlindex.htmindex.php; location / { try_files $uri @jenkins; } location @jenkins { internal; proxy_pass http://127.0.0.1:8080; } access_log /data/logs/jenkins/jenkins.log main; }
转发80的访问到jenkins
server { listen 80; server_name jenkins.jimersylee.com; rewrite ^ https://servernamerequest_uri? permanent; }
- 重启Nginx生效
nginx -s stop#停止 nginx -t#测试Nginx配置是否正确 nginx#启动Nginx ```