Preface

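When setting up this project, following the official documentation closely is basically enough to get it running.
However, the reverse-proxy part of that documentation covers only an internal-network setup with no SSL configuration, and it has no Apache instructions at all. The two cases are summarized here, for reference only.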

Prerequisites

A LAMP or LNMP server
A domain name with ICP filing (servers hosted overseas do not need the filing)

LNMP stack

  1. Certificate location
    /etc/nginx/cert

  2. Edit the configuration
    sudo vi /etc/nginx/conf.d/ds-ssl.conf

upstream halo {
  server 127.0.0.1:8090;
}
server {
       listen 443 ssl default_server;
       listen [::]:443 ssl default_server;
       server_name blog.nanweb.cn;
       server_tokens off;


       ssl_certificate /etc/nginx/cert/xxxxxx.crt;
       ssl_certificate_key /etc/nginx/cert/xxxxxxxx.key;

       ssl_session_timeout  5m;
       client_max_body_size 1024m;

       ssl_ciphers  HIGH:!aNULL:!MD5;
       ssl_prefer_server_ciphers  on;
       location / {
               proxy_pass http://halo;
               proxy_set_header HOST $host;
               proxy_set_header X-Forwarded-Proto $scheme;
               proxy_set_header X-Real-IP $remote_addr;
               proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
       }
}
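
A hardened variant of the ds-ssl.conf above, as an added example that is not part of the original post: it redirects plain HTTP to HTTPS, pins the TLS protocol versions, and sends the same HSTS header the Apache virtual host below uses. It assumes nginx is the internet-facing edge (no other proxy in front of it) and an nginx/OpenSSL build with TLS 1.3 support; the certificate file names are the post's placeholders.

```nginx
# Added example, not the original author's configuration.
upstream halo {
  server 127.0.0.1:8090;
}

# Plain-HTTP listener: serves no content, only redirects to the HTTPS site.
server {
       listen 80;
       listen [::]:80;
       server_name blog.nanweb.cn;
       server_tokens off;
       # Fixed host name instead of $host, so a forged Host header cannot steer the redirect.
       return 301 https://blog.nanweb.cn$request_uri;
}

server {
       listen 443 ssl default_server;
       listen [::]:443 ssl default_server;
       server_name blog.nanweb.cn;
       server_tokens off;

       ssl_certificate /etc/nginx/cert/xxxxxx.crt;
       ssl_certificate_key /etc/nginx/cert/xxxxxxxx.key;

       # State the accepted protocol versions explicitly instead of relying on the build default.
       ssl_protocols TLSv1.2 TLSv1.3;
       ssl_ciphers  HIGH:!aNULL:!MD5;
       ssl_prefer_server_ciphers  on;
       ssl_session_timeout  5m;
       client_max_body_size 1024m;

       # Same HSTS policy as the Apache virtual host; "always" also covers error responses.
       add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload" always;

       location / {
               proxy_pass http://halo;
               proxy_set_header Host $host;
               proxy_set_header X-Forwarded-Proto $scheme;
               proxy_set_header X-Real-IP $remote_addr;
               # Assumption: nginx is the edge, so overwrite any client-supplied
               # X-Forwarded-For rather than appending to it.
               proxy_set_header X-Forwarded-For $remote_addr;
       }
}
```

Run `sudo nginx -t` before reloading so a syntax error does not take the site down.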

LAMP stack

  1. Certificate location
    /etc/apache2/CA

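  2. Enable modules

    sudo a2enmod proxy_http
    sudo a2enmod proxy
    sudo a2enmod ssl
    sudo a2enmod headers    # required by the "Header always set" line in the configuration below
    sudo service apache2 restart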
    
  3. Edit the configuration
    sudo vi /etc/apache2/sites-available/default-ssl.conf

<VirtualHost _default_:443>
        ServerName blog.nanweb.cn
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
        Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"
        SSLEngine on
        SSLCertificateFile /etc/apache2/CA/xxxxx.crt
        SSLCertificateKeyFile /etc/apache2/CA/xxxxx.key
        SSLCertificateChainFile /etc/apache2/CA/xxxxx.crt

        ProxyRequests Off
        ProxyMaxForwards 100
        ProxyPreserveHost On

        ProxyPass / http://127.0.0.1:8090/
        ProxyPassReverse / http://127.0.0.1:8090/

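        # Apache 2.2 access-control syntax; on Apache 2.4 it needs mod_access_compat,
        # or can be written as "Require all granted".
        <Proxy *>
            Order Deny,Allow
            Allow from all
        </Proxy>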
        
        <FilesMatch "\.(cgi|shtml|phtml|php)$">
                SSLOptions +StdEnvVars
        </FilesMatch>
        <Directory /usr/lib/cgi-bin>
                SSLOptions +StdEnvVars
        </Directory>
</VirtualHost>

Enjoy!