针对OSS绑定到服务器反向代理配置以及https相关配置【二】【基于第一篇阿里云文章】
上一篇文章《关于OSS阿里云对象储存流量问题的一些坑和解决方案【一】【新手特别注意】》讲述了阿里云OSS的相关问题,此次博主将继续讲述如何配置Nginx,希望对各位有所帮助。
监听80端口开启反向代理
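# Virtual host: plain-HTTP listener whose only job is to send clients to HTTPS.
server {
    listen 80;                              # plain HTTP
    server_name xxx.xxx.xxx aaa.aaa.aaa;    # domains handled here, separated by spaces

    # Redirect the whole site to HTTPS. `return` is the idiomatic form of the
    # former `rewrite ^(.*)$ https://$host$1 permanent;` and keeps the full URI
    # including the query string.
    # $host is taken from the request (Host header), so if this block is also
    # the default server for port 80 any Host value is reflected into the
    # Location header. Keep a separate catch-all default server, or redirect to
    # a fixed name, if that matters for your deployment.
    return 301 https://$host$request_uri;

    # NOTE(review): every request is answered by the redirect above, so this
    # location is never used (it was equally unreachable behind the original
    # server-level rewrite). The directives only take effect if they are moved
    # into the HTTPS server. If you do that, avoid compressing responses that
    # mix secrets with reflected request data (BREACH).
    location / {
        gzip on;                # enable gzip compression
        gzip_buffers 4 512k;    # compression buffers
        gzip_vary on;           # emit "Vary: Accept-Encoding"
        gzip_min_length 1;      # responses shorter than 1 byte are not compressed
        gzip_comp_level 2;      # compression level 2
        # text/html is always compressed and listing it again only produces a
        # "duplicate MIME type" warning; JPEG/GIF/PNG are already compressed,
        # so gzipping them costs CPU for no gain.
        gzip_types text/plain application/x-javascript text/css application/xml application/json text/javascript application/x-httpd-php;
        output_buffers 4 512k;  # output buffers
        postpone_output 5460;   # hold output until at least 5460 bytes are ready

        # Request headers for the proxied backend so that it sees the client
        # address instead of this server's own IP. There is no proxy_pass in
        # this location, so these have no effect here.
        # $proxy_add_x_forwarded_for appends to whatever X-Forwarded-For the
        # client sent; a backend should trust only the last entry or X-Real-IP.
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}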
监听443端口,主要设置https
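# HTTPS virtual host: terminates TLS and reverse-proxies to the application.
server {
    listen 443 ssl;             # `ssl` on the listen line replaces the deprecated `ssl on;`
    server_name xxx.xxx.xxx;    # your domain

    # Certificate chain and private key (path + file). nginx must be built
    # with OpenSSL support. Keep the key file readable only by the account
    # that starts nginx.
    ssl_certificate     文件路径/cert/xxx.pem;
    ssl_certificate_key 文件路径/cert/xxx.key;

    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;

    # SSLv3 is broken (POODLE) and TLS 1.0/1.1 are deprecated, so only
    # TLS 1.2 and 1.3 are offered. TLSv1.3 needs nginx 1.13.0+ built against
    # OpenSSL 1.1.1+; remove it from the list on older builds.
    ssl_protocols TLSv1.2 TLSv1.3;

    # Forward-secret AEAD suites only. The previous list also allowed static
    # RSA key exchange, CBC suites, the broad `AES` / `CAMELLIA` aliases and
    # 3DES (DES-CBC3-SHA, Sweet32).
    ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305";
    ssl_prefer_server_ciphers on;

    # OCSP stapling needs a `resolver` directive to look up the CA's OCSP
    # responder and the issuer certificate in the chain file. Without them
    # nginx logs a warning and staples nothing.
    ssl_stapling on;

    # `always` also sends the header on error responses.
    # CAUTION: includeSubdomains + preload commit every subdomain to HTTPS for
    # two years and are slow to undo once the domain is on a preload list.
    # Start with a short max-age and no preload until all subdomains serve HTTPS.
    add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload" always;

    location / {
        # Proxy settings. The last two headers enable WebSocket upgrades.
        proxy_pass http://ip+项目端口;
        proxy_http_version 1.1;

        # One-hour timeouts keep idle WebSocket connections alive. For a
        # backend that serves only ordinary HTTP, much shorter values limit how
        # long a stalled upstream can hold a connection.
        proxy_connect_timeout 3600s;
        proxy_send_timeout 3600s;
        proxy_read_timeout 3600s;

        # Pass the original host and client address to the backend.
        # $proxy_add_x_forwarded_for appends to whatever X-Forwarded-For the
        # client sent, so the backend must trust only the last entry (or
        # X-Real-IP) and never the whole list.
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        # WebSocket handshake headers.
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}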
将OSS地址映射到服务器(重点)
此处配置时要确保你的OSS是和你的服务器处于同一区域,所谓同一区域就是你的服务器是华东1(杭州)那么你的OSS也应该在华东1(杭州)。否则设置了以后还是会采用外网地址访问的。!!切记! 切记!! 切记!!!
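# Map an Alibaba Cloud OSS bucket onto this server (HTTPS front, OSS upstream).
server {
    listen 443 ssl;             # `ssl` on the listen line replaces the deprecated `ssl on;`
    #default_server;
    server_name xxx.xxx.xxx;

    # Certificate chain and private key. Keep the key file readable only by
    # the account that starts nginx.
    ssl_certificate     路径/cert/xxx.pem;
    ssl_certificate_key 路径/cert/xxx.key;

    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;

    # SSLv3 is broken (POODLE) and TLS 1.0/1.1 are deprecated, so only
    # TLS 1.2 and 1.3 are offered. TLSv1.3 needs nginx 1.13.0+ built against
    # OpenSSL 1.1.1+; remove it from the list on older builds.
    ssl_protocols TLSv1.2 TLSv1.3;

    # Forward-secret AEAD suites only. The previous list also allowed static
    # RSA key exchange, CBC suites, the broad `AES` / `CAMELLIA` aliases and
    # 3DES (DES-CBC3-SHA, Sweet32).
    ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305";
    ssl_prefer_server_ciphers on;

    # OCSP stapling needs a `resolver` directive and the issuer certificate in
    # the chain file. Without them nginx staples nothing.
    ssl_stapling on;

    # `always` also sends the header on error responses.
    # CAUTION: includeSubdomains + preload commit every subdomain to HTTPS for
    # two years. Use a short max-age without preload until that is certain.
    add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload" always;

    location / {
        # Your bucket's directory name. `root` is not consulted for requests
        # that proxy_pass handles, so it has no effect in this location.
        root xxx/;

        # OSS endpoint. When the ECS host and the bucket are in the same
        # region, use the bucket's internal endpoint so traffic stays off the
        # public network. If they are in different regions, the public
        # endpoint is required. In that case the hop crosses the internet in
        # clear text with http://, so prefer an https:// upstream together
        # with `proxy_ssl_server_name on;`.
        proxy_pass http://xxxxx/;

        # Your domain. Every proxied request carries this fixed Referer,
        # whatever the visitor actually sent, presumably so the request passes
        # the bucket's Referer whitelist (hotlink protection); confirm against
        # your bucket settings. The whitelist therefore no longer filters
        # visitors who come through this proxy. Enforce any Referer policy
        # here (e.g. `valid_referers`), and keep non-public objects in a
        # private bucket, because a Referer check is not access control.
        proxy_set_header Referer http://xxx.xx.xx;
    }
}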
填写bucket下的ECS内网地址
这样就大功告成了。要是觉得有帮助,请多多留言多多赞一个,也帮忙转发让更多需要的朋友看看。
博主这么辛苦,老弟要是赞助下我也不介意。哈哈哈哈哈哈哈。
希望大家早日成为大佬!!!!!!!!!!!!!!!!原创不易,要喷请轻点~~~