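1. Generate an SSL certificate
You can buy one online, or create one yourself.
Here is a shell script that generates a self-signed certificate automatically: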
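```sh
#!/bin/sh
# create self-signed server certificate:

# "read -p" is not POSIX sh, so print the prompt with printf
printf "Enter your domain [www.example.com]: "
read -r DOMAIN
DOMAIN=${DOMAIN:-www.example.com}   # fall back to the default shown in the prompt

echo "Create server key..."
# 2048-bit RSA: 1024-bit keys are too weak and are rejected at OpenSSL security level 2
openssl genrsa -des3 -out "$DOMAIN.key" 2048

echo "Create server certificate signing request..."
SUBJECT="/C=US/ST=Mars/L=iTranswarp/O=iTranswarp/OU=iTranswarp/CN=$DOMAIN"
openssl req -new -subj "$SUBJECT" -key "$DOMAIN.key" -out "$DOMAIN.csr"

echo "Remove password..."
# keep the passphrase-protected original, write an unencrypted copy for nginx
mv "$DOMAIN.key" "$DOMAIN.origin.key"
openssl rsa -in "$DOMAIN.origin.key" -out "$DOMAIN.key"

echo "Sign SSL certificate..."
openssl x509 -req -days 3650 -in "$DOMAIN.csr" -signkey "$DOMAIN.key" -out "$DOMAIN.crt"
```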
Suppose this produces two files: a.com.crt and a.com.key
2. Configure Nginx
Assuming Leanote runs on port 9000 and the domain is a.com, nginx.conf can be configured as follows:
```nginx
# This configuration shows only the http section; it is not complete
http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    upstream a.com {
        server localhost:9000;
    }

    # http
    server {
        listen       80;
        server_name  a.com;

        # Force https
        # If you do not need this, comment out the rewrite line
        rewrite ^/(.*) https://a.com/$1 permanent;

        location / {
            proxy_pass        http://a.com;
            proxy_set_header  Host             $host;
            proxy_set_header  X-Real-IP        $remote_addr;
            proxy_set_header  X-Forwarded-For  $proxy_add_x_forwarded_for;
        }
    }

    # https
    server {
        listen       443 ssl;
        server_name  a.com;
        ssl_certificate      /root/a.com.crt; # change the path to point at your a.com.crt; same for the key below
        ssl_certificate_key  /root/a.com.key;

        location / {
            proxy_pass        http://a.com;
            proxy_set_header  Host             $host;
            proxy_set_header  X-Real-IP        $remote_addr;
            proxy_set_header  X-Forwarded-For  $proxy_add_x_forwarded_for;
        }
    }
}
```
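Before reloading nginx, it is worth confirming that the two files from step 1 actually belong together. The following is an added example, not part of the original article: the function name `check_pair`, its return codes and the 2048-bit default minimum are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): check a certificate/key pair
# before referencing it from ssl_certificate / ssl_certificate_key.
# Usage: check_pair CERT KEY [MIN_BITS]
# Returns 0 = OK, 2 = key unreadable or encrypted, 3 = cert unreadable or
# key mismatch, 4 = key too small, 5 = certificate expired.
check_pair() {
    cert=$1
    key=$2
    min_bits=${3:-2048}   # assumed minimum; adjust to local policy

    # Step 1 strips the passphrase; confirm the key loads without one.
    if ! openssl pkey -in "$key" -passin pass: -noout </dev/null 2>/dev/null; then
        echo "key is unreadable or still passphrase-protected: $key" >&2
        return 2
    fi

    # The public key in the certificate must equal the one derived
    # from the private key, otherwise the TLS handshake cannot succeed.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "certificate and key do not match" >&2
        return 3
    fi

    # Read the key size from the certificate's text dump.
    bits=$(openssl x509 -in "$cert" -noout -text |
           sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit).*/\1/p')
    if [ "${bits:-0}" -lt "$min_bits" ]; then
        echo "key is ${bits:-unknown} bits, below minimum $min_bits" >&2
        return 4
    fi

    # -checkend 0 exits non-zero if the certificate has already expired.
    if ! openssl x509 -in "$cert" -noout -checkend 0 >/dev/null; then
        echo "certificate has expired: $cert" >&2
        return 5
    fi
    return 0
}

# Run directly as: sh check_pair.sh /root/a.com.crt /root/a.com.key
if [ "$#" -ge 2 ]; then check_pair "$@"; fi
```

A zero exit status means the pair is consistent; `nginx -t` then validates the configuration itself before a reload.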
Time: 2024-10-17 23:33:04