安全的问题不容小觑,一般我所开发的后台服务器,我都会要求使用https,以减少网络的中间攻击导致不必要的损失。
一般情况下,我开发的后台,只是监听的是127.0.0.1:4430类似的端口,仅限本地访问。
然后通过nginx来处理外部的请求,将它转发至本地的服务上,顺带使用nginx来配置一下https的证书。
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
|
$ cat /etc/nginx/conf.d/www.exmaple.com.conf
#
# HTTPS server configuration
#
server {
listen 80;
server_name www.exmaple.com;
return 301 https://$host$request_uri;
# location / {
# proxy_pass http://127.0.0.1:4430;
# }
}
server {
listen 443 ssl http2;
server_name www.exmaple.com;
root /;
charset utf-8;
client_max_body_size 128M;
ssl_certificate /etc/nginx/ssl/example.com.crt;
ssl_certificate_key /etc/nginx/ssl/example.com.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 10m;
ssl_ciphers ALL:!kEDH!ADH:RC4+RSA:+HIGH:+EXP;
ssl_prefer_server_ciphers on;
location / {
proxy_pass http://127.0.0.1:4430;
}
}
|
- 服务器地址:
www.exmaple.com
- 将Http自定向为Https
- 配置了ssl证书
- 将
www.exmaple.com重定向到了本地的4430的应用