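# HTTPS virtual host: terminates TLS on 443 and reverse-proxies every request
# to the application listening on 127.0.0.1:8081.
server {
    listen 443 ssl http2;
    server_name www.xxx.com xxx.com;
    root /var/www/mywebsite-app/public;

    # Response hardening headers. nginx inherits add_header from this level
    # only into blocks that declare no add_header of their own, so the same
    # three lines are repeated inside "location /" below.
    add_header X-Frame-Options "SAMEORIGIN";
    # NOTE(review): current browsers ignore X-XSS-Protection; kept as written.
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Content-Type-Options "nosniff";

    ssl_certificate /etc/nginx/conf.d/ssl/xxx.com_bundle.crt;
    # Private key: keep this file readable by root only.
    ssl_certificate_key /etc/nginx/conf.d/ssl/xxx.com.key;
    ssl_session_timeout 5m;

    # TLSv1 and TLSv1.1 are deprecated (RFC 8996) and are no longer offered.
    # Append TLSv1.3 when nginx >= 1.13.0 is built against OpenSSL >= 1.1.1.
    ssl_protocols TLSv1.2;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
    ssl_prefer_server_ciphers on;

    location / {
        proxy_pass http://127.0.0.1:8081;

        # Tell the backend who the client is and that the outer hop was HTTPS.
        # X-Real-IP carries the address nginx saw. X-Forwarded-For appends
        # that address to whatever the client sent, so the backend must not
        # trust its earlier entries.
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $host;
        proxy_set_header Upgrade-Insecure-Requests 1;
        proxy_set_header X-Forwarded-Proto https;

        # Ask the browser to fetch http:// subresources over https://, so the
        # backend's http links are not blocked as mixed content.
        add_header Content-Security-Policy upgrade-insecure-requests;

        # This block declares add_header, which stops inheritance of the
        # server-level headers; repeat them so proxied responses keep them.
        add_header X-Frame-Options "SAMEORIGIN";
        add_header X-XSS-Protection "1; mode=block";
        add_header X-Content-Type-Options "nosniff";
    }

    # Disabled experiment: a separate location for static assets.
    #location ~ .*\.(js|css|jpg|gif|png|bmp|jpeg|svg)$ {
    # # proxy_pass http://127.0.0.1:8081;
    # # }
    # }
}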
做了转发的话,js、css 是无法加载的,需要设置:
# Request headers passed to the proxied backend.
# X-Real-IP: the client address as seen by nginx.
proxy_set_header X-Real-IP $remote_addr;
# X-Forwarded-For: the client-supplied value with $remote_addr appended; the
# earlier entries are client-controlled, so the backend must not trust them.
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# Preserve the host name the client requested.
proxy_set_header Host $host;
proxy_set_header Upgrade-Insecure-Requests 1;
# Hard-coded to https; only correct inside a server block that serves TLS only.
proxy_set_header X-Forwarded-Proto https;
但是后端返回的内容里引用的仍是 http 资源,css、js 会被浏览器当作混合内容屏蔽而无法加载,因此还需要添加:
# Asks the browser to request http:// subresources over https:// instead.
# NOTE(review): declaring add_header inside a location stops nginx from
# inheriting add_header lines set at the server level; repeat them there.
add_header Content-Security-Policy upgrade-insecure-requests;
腾讯云放行后依然无法访问 443 端口
原因是防火墙没启动
# The host firewall (firewalld) is a separate layer from the cloud provider's
# own inbound rules; both must allow a port before it is reachable.
# Huawei Cloud: check whether the firewall has the port open; yes = open, no = not open
[root@121]# firewall-cmd --query-port=80/tcp
yes
# This shows that the firewall does not have port 443 open
[root@121]# firewall-cmd --query-port=443/tcp
no
# Open port 443 in the firewall; "success" means the rule was added.
# --permanent writes only the saved configuration, not the running rules.
[root@121]# firewall-cmd --zone=public --add-port=443/tcp --permanent
success
# After the change the firewall must be reloaded; "success" means the reload worked
[root@121]# firewall-cmd --reload
success
# Query port 443 again; "yes" means the port is now open
[root@121]# firewall-cmd --query-port=443/tcp
yes
# Permanent (301) redirect of every request URI to https://xxx.com.
# NOTE(review): presumably belongs in the port-80 server block, which is not
# shown here; confirm placement. For a whole-site redirect the nginx docs
# prefer `return 301 https://xxx.com$request_uri;` over a regex rewrite.
rewrite ^(.*) https://xxx.com$1 permanent;