Nginx反向代理实现HTTPS网站

news/2024/5/20 3:31:12/文章来源:https://blog.csdn.net/weixin_30702413/article/details/99981600

1、环境设置

这次是在windows环境下实现的，linux环境下步骤差不多

openssl的windows版本

下载地址： http://slproweb.com/products/Win32OpenSSL.html

Nginx的windows版本

下载地址： http://nginx.org/en/download.html

网站使用python的tornado框架

2、openssl创建证书

 1 1.创建私钥
 2 
 3 　　openssl genrsa -des3 -out lifes.key 1024 
 4 　　 
 5 　　输入密码后，再次重复输入确认密码。记住此密码，后面会用到。 
 6 　　　　　　
 7 
 8 2. 创建csr证书
 9 
10     openssl req -new -key lifes.key -out lifes.csr 
11 
12     bin文件夹内出现两个文件：lifes.key、 lifes.csr
13 
14 3. 去除密码 
15 
16     在加载SSL支持的Nginx并使用上述私钥时除去必须的口令，否则会在启动nginx的时候需要输入密码
17 
18     复制lifes.key并重命名为lifes.key.org
19 
20     可以使用此命令行，也可以使用鼠标操作 copy lifes.key lifes.key.org
21 
22     去除口令，在命令行中执行此命令： openssl rsa -in lifes.key.org -out lifes.key
23 4. 生成crt证书
24 
25     openssl x509 -req -days 365 -in lifes.csr -signkey lifes.key -out lifes.crt

证书创建步骤

3、搭建webapp

 1 #-*-coding:utf-8-*-
 2 
 3 import os.path
 4 
 5 import tornado.httpserver
 6 import tornado.ioloop
 7 import tornado.options
 8 import tornado.web
 9 
10 from tornado.options import define, options
11 define("port", default=8000, help="run on the given port", type=int)
12 
13 class IndexHandler(tornado.web.RequestHandler):
14     def get(self):
15         ip = self.request.remote_ip
16         print(ip)
17         self.render("test.html")
18 
19 class UserHandler(tornado.web.RequestHandler):
20     def post(self):
21         user_name = self.get_argument("username")
22         user_email = self.get_argument("email")
23         user_website = self.get_argument("website")
24         user_language = self.get_argument("language")
25         self.render("user.html",username=user_name,email=user_email,website=user_website,language=user_language)
26 
27 handlers = [
28     (r"/", IndexHandler),
29     (r"/user", UserHandler)
30 ]
31 
32 template_path = os.path.join(os.path.dirname(__file__),"template")
33 
34 if __name__ == "__main__":
35     tornado.options.parse_command_line()
36     app = tornado.web.Application(handlers, template_path)
37     http_server = tornado.httpserver.HTTPServer(app)
38     http_server.listen(options.port)
39     tornado.ioloop.IOLoop.instance().start()

tornado搭建app

4、配置nginx.conf

  1 #user  nobody;
  2 worker_processes  1;
  3 
  4 #error_log  logs/error.log;
  5 #error_log  logs/error.log  notice;
  6 #error_log  logs/error.log  info;
  7 
  8 #pid        logs/nginx.pid;
  9 
 10 
 11 events {
 12     worker_connections  1024;
 13 }
 14 
 15 
 16 http {
 17     include       mime.types;
 18     default_type  application/octet-stream;
 19 
 20     #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
 21     #                  '$status $body_bytes_sent "$http_referer" '
 22     #                  '"$http_user_agent" "$http_x_forwarded_for"';
 23 
 24     #access_log  logs/access.log  main;
 25 
 26     sendfile        on;
 27     #tcp_nopush     on;
 28 
 29     #keepalive_timeout  0;
 30     keepalive_timeout  65;
 31 
 32     #gzip  on;
 33 
 34     server {
 35         listen       80;
 36         server_name  localhost;
 37 
 38         #charset koi8-r;
 39 
 40         #access_log  logs/host.access.log  main;
 41         
 42 
 43         location / {
 44             root   html;
 45             index  index.html index.htm;
 46         }
 47 
 48         #error_page  404              /404.html;
 49 
 50         # redirect server error pages to the static page /50x.html
 51         #
 52         error_page   500 502 503 504  /50x.html;
 53         location = /50x.html {
 54             root   html;
 55         }
 56 
 57         # proxy the PHP scripts to Apache listening on 127.0.0.1:80
 58         #
 59         #location ~ \.php$ {
 60         #    proxy_pass   http://127.0.0.1;
 61         #}
 62 
 63         # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
 64         #
 65         #location ~ \.php$ {
 66         #    root           html;
 67         #    fastcgi_pass   127.0.0.1:9000;
 68         #    fastcgi_index  index.php;
 69         #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
 70         #    include        fastcgi_params;
 71         #}
 72 
 73         # deny access to .htaccess files, if Apache's document root
 74         # concurs with nginx's one
 75         #
 76         #location ~ /\.ht {
 77         #    deny  all;
 78         #}
 79     }
 80 
 81 
 82     # another virtual host using mix of IP-, name-, and port-based configuration
 83     #
 84     #server {
 85     #    listen       8000;
 86     #    listen       somename:8080;
 87     #    server_name  somename  alias  another.alias;
 88 
 89     #    location / {
 90     #        root   html;
 91     #        index  index.html index.htm;
 92     #    }
 93     #}
 94     
 95 
 96     # HTTPS server
 97     #
 98     server {
 99         listen 8088 default_server;
100         listen [::]:8066 ipv6only=on;
101         listen [::]:443 ssl;
102         listen       443 ssl;
103         
104         server_name  localhost;
105         server_name  www.web1.com;
106         
107         ssl_certificate      C:\Users\Administrator\Desktop\openssl-0.9.8k_WIN32\bin\lifes.crt;
108         ssl_certificate_key  C:\Users\Administrator\Desktop\openssl-0.9.8k_WIN32\bin\lifes.key;
109 
110         ssl_session_cache    shared:SSL:1m;
111         ssl_session_timeout  5m;
112 
113         ssl_ciphers  HIGH:!aNULL:!MD5;
114         ssl_prefer_server_ciphers  on;
115 
116         location / {
117             proxy_pass   http://web1;
118         }
119     }
120     upstream web1{
121         server 127.0.0.1:8000;   #SA Server1
122     }
123     
124 }