配置文件,我配置在/etc/nginx/conf.d/default.conf文件内

server {
    listen 80;
    server_name  你的域名;
    # 强制转换成https
    rewrite ^(.*)$   https://$host$1 permanent;
    client_max_body_size 64m;
}
server {
    listen       443 ssl;
    server_name  你的域名;
    # 反向代理
    location / {
        # 配置成https时,访问http项目的静态文件会报错.
        add_header Content-Security-Policy upgrade-insecure-requests;
        # 其他请求头配置项
        proxy_set_header HOST $host;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # 这个IP地址,指向的是容器,其IP默认使用的network下的brige网络,使用inspect可以查看IP
        # 或者使用命名访问
        proxy_pass http://172.17.0.2/;
        client_max_body_size 64m;
    }
    # 解决资源文件不能访问的问题
    location ~ .* {
        # 传递地址
        proxy_pass  http://busweb;
        proxy_set_header  Host $http_host;
        proxy_set_header  X-Real-IP $remote_addr;
        proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
    }
    # 应该是没有安装ssl模块,打开该语句报错
    # ssl on;
    ssl_session_timeout 5m;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
    ssl_prefer_server_ciphers on;
    # 证书配置
    ssl_certificate      /你的证书存放地址/fullchain.pem;
    ssl_certificate_key  /你的证书存放地址/privkey.pem;
    ssl_trusted_certificate  /你的证书存放地址/fullchain.pem;
    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/share/nginx/html;
    }
}

Nginx下SSL证书配置,开启强制https访问

配置文件,我配置在/etc/nginx/conf.d/default.conf文件内

作者