
针对OSS绑定到服务器反向代理配置以及https相关配置【二】【基于第一篇阿里云文章】

上一篇文章《关于OSS阿里云对象储存流量问题的一些坑和解决方案【一】【新手特别注意】》讲述了阿里云OSS的相关问题,本篇博主将继续讲述如何配置Nginx,希望对各位有所帮助。

监听80端口开启反向代理

 # 虚拟主机配置
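    server {
        listen       80;                        # plain-HTTP listener
        server_name  xxx.xxx.xxx  aaa.aaa.aaa;  # host names served here, separated by spaces

        # Send every request to HTTPS. `return` is the idiomatic form of the
        # original server-level rewrite; $request_uri carries the path and the
        # query string unchanged.
        # $host comes from the request itself (request line / Host header).
        # server_name limits which names reach this block, unless it is also the
        # default server for port 80; in that case redirect to a fixed host name.
        return 301 https://$host$request_uri;

        # NOTE: this location is never reached while the redirect above is in
        # place, because the server-level redirect answers before location
        # matching. The proxy_set_header lines also do nothing without a
        # proxy_pass. Compression and proxy settings only take effect in the
        # server block that actually serves or proxies content.
        location / {
            gzip  on;               # enable gzip compression
            gzip_buffers 4 512k;    # buffers used for compression
            gzip_vary on;           # emit "Vary: Accept-Encoding"
            gzip_min_length 1;      # responses shorter than 1 byte are not compressed
            gzip_comp_level 2;      # compression level 2
            # text/html is always compressed and listing it again only produces a
            # "duplicate MIME type" warning; JPEG/GIF/PNG are already compressed,
            # so gzipping them costs CPU for no gain. Both were dropped.
            # If these settings are moved to the HTTPS server: compressing
            # responses that mix secrets with reflected request data leaks
            # length information (BREACH), so limit gzip to static content there.
            gzip_types text/plain application/x-javascript text/css application/xml application/json text/javascript application/x-httpd-php;
            output_buffers 4 512k;  # buffers used when reading a response from disk
            postpone_output 5460;   # hold output until at least 5460 bytes are ready

            # Forward the original host and client address to the backend;
            # otherwise the backend only ever sees this server's own IP.
            proxy_set_header   Host             $host;
            proxy_set_header   X-Real-IP        $remote_addr;
            proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;
        }
    }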

监听443端口,主要设置https

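server {
    # HTTPS listener. The `ssl` flag on listen replaces the separate `ssl on;`
    # directive, which was deprecated in nginx 1.15.0 and removed in 1.25.1.
    listen 443 ssl;
    server_name xxx.xxx.xxx;   # your domain

    # nginx must be built with SSL (OpenSSL) support for the directives below.
    # Certificate chain and private key: path + file name. Keep the key file
    # readable only by the account that starts nginx.
    ssl_certificate      文件路径/cert/xxx.pem;
    ssl_certificate_key  文件路径/cert/xxx.key;
    ssl_session_cache    shared:SSL:10m;
    ssl_session_timeout  10m;

    # SSLv3 is broken (POODLE) and TLS 1.0/1.1 are deprecated (RFC 8996), so
    # only TLS 1.2 is offered. Append TLSv1.3 when the nginx/OpenSSL build
    # supports it.
    ssl_protocols TLSv1.2;

    # OCSP stapling only works if nginx can resolve the OCSP responder (a
    # `resolver` directive) and knows the issuer certificate (in the
    # ssl_certificate chain or through ssl_trusted_certificate).
    ssl_stapling on;

    # Forward-secret AEAD suites only. Removed from the original list: static-RSA
    # key exchange (no forward secrecy), the CBC suites, the broad AES/CAMELLIA
    # aliases and DES-CBC3-SHA (3DES, 64-bit block, Sweet32). `!DES` never
    # excluded 3DES. Clients without ECDHE+GCM support can no longer connect;
    # that is the intended trade-off.
    ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384";
    ssl_prefer_server_ciphers on;

    # HSTS for two years. includeSubdomains + preload commits EVERY subdomain
    # to valid HTTPS and is slow to undo once browsers have cached or preloaded
    # it; start with a short max-age and without preload until all subdomains
    # are verified. Without the `always` parameter (nginx 1.7.5+) the header is
    # not added to error responses.
    add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";

    location / {
        # Reverse-proxy settings; the last two headers allow WebSocket upgrades.
        proxy_pass http://ip+项目端口;
        proxy_http_version 1.1;
        # One-hour timeouts keep long-lived connections open. nginx documents
        # that the connect timeout usually cannot exceed 75 seconds.
        proxy_connect_timeout 3600s;
        proxy_send_timeout 3600s;
        proxy_read_timeout 3600s;

        proxy_set_header   Host             $host;
        # X-Real-IP is the TCP peer address seen by nginx.
        proxy_set_header   X-Real-IP        $remote_addr;
        # X-Forwarded-For appends to whatever the client already sent, so the
        # backend should trust only the last entry (the one added here).
        proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;

        # Sent on every request, not only on WebSocket handshakes; the usual
        # refinement is a `map $http_upgrade $connection_upgrade` in the http block.
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}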

将OSS地址映射到服务器(重点)

此处配置时要确保你的OSS是和你的服务器处于同一区域,所谓同一区域就是你的服务器是华东1(杭州)那么你的OSS也应该在华东1(杭州)。否则设置了以后还是会采用外网地址访问的。!!切记! 切记!! 切记!!!

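# Map an Aliyun OSS bucket onto this server
server {
    # The `ssl` flag on listen replaces `ssl on;`, which was deprecated in
    # nginx 1.15.0 and removed in 1.25.1.
    listen 443 ssl;
    #default_server;
    # Use the host name dedicated to the bucket. If it equals the server_name of
    # another 443 server block, nginx reports a conflict and ignores one of them.
    server_name xxx.xxx.xxx;

    ssl_certificate      路径/cert/xxx.pem;
    ssl_certificate_key  路径/cert/xxx.key;
    ssl_session_cache    shared:SSL:10m;
    ssl_session_timeout  10m;

    # SSLv3 is broken (POODLE) and TLS 1.0/1.1 are deprecated (RFC 8996).
    # Append TLSv1.3 when the nginx/OpenSSL build supports it.
    ssl_protocols TLSv1.2;

    # Stapling needs a `resolver` directive and the issuer certificate to work.
    ssl_stapling on;

    # Forward-secret AEAD suites only; static-RSA, CBC, the broad AES/CAMELLIA
    # aliases and 3DES (DES-CBC3-SHA) from the original list were dropped.
    ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384";
    ssl_prefer_server_ciphers on;

    # Two-year HSTS with includeSubdomains + preload binds every subdomain to
    # HTTPS and is hard to roll back; verify all subdomains before keeping it.
    add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";

    location / {
        # Your bucket name. Note that `root` is not consulted for requests
        # handled by proxy_pass.
        root xxx/;

        # OSS endpoint. If the host and the bucket are not in the same region,
        # the public (external) endpoint has to be used; in the same region use
        # the internal endpoint so traffic stays off the public network.
        # With the public endpoint this hop is plain HTTP: object data crosses
        # the Internet unencrypted even though the client connection is HTTPS.
        # Consider an https:// upstream in that case.
        proxy_pass http://xxxxx/;

        # Fixed Referer sent to OSS (your domain), presumably to satisfy the
        # bucket's Referer whitelist; confirm against the bucket settings.
        # Because the proxy stamps it on every request, the whitelist no longer
        # filters anyone who comes through this server. Referer is not an access
        # control: keep private objects behind the bucket ACL/policy or signed
        # URLs, and expose only the prefix that is meant to be public.
        proxy_set_header   Referer http://xxx.xx.xx;
    }
}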

填写bucket下的ECS内网地址

这样就大功告成了。要是觉得有帮助,请多多留言多多赞一个,也帮忙转发让更多需要的朋友看看。
博主这么辛苦,老弟要是赞助下我也不介意。哈哈哈哈哈哈哈。
希望大家早日成为大佬!!!!!!!!!!!!!!!!原创不易,要喷请轻点~~~
