前言
frp内网穿透成功后,访问的时候域名后要加上端口才能访问,不美观。然而配置nginx就可以解决。此篇文章涉及https,因为域名没备案。
申请ssl证书
1.地址 腾讯云ssl证书
2.验证域名权限的时候,添加txt最快,大概3分钟证书就能申请下来
3.下载证书,解压Nginx出来,下一步用
oneinstack配置
1.ssh登陆服务器,添加虚拟主机,http=>https建议开启
cd oneinstack
./vhost.sh2.替换ssl证书,先修改下载到的证书名称,用winscp上传到目录
3.重新加载nginxnginx -s reload
修改Virtualhost conf:
1.文件路径:/usr/local/nginx/conf/vhost/域名.conf
2.参考配置,自行修改域名和端口
server {
listen 80;
listen 443 ssl http2;
ssl_certificate /usr/local/nginx/conf/ssl/域名.crt;
ssl_certificate_key /usr/local/nginx/conf/ssl/域名.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
ssl_prefer_server_ciphers on;
ssl_session_timeout 10m;
ssl_session_cache builtin:1000 shared:SSL:10m;
ssl_buffer_size 1400;
add_header Strict-Transport-Security max-age=15768000;
ssl_stapling on;
ssl_stapling_verify on;
server_name 域名;
access_log /data/wwwlogs/域名_nginx.log combined;
index index.html index.htm index.php;
include /usr/local/nginx/conf/rewrite/other.conf;
root /data/wwwroot/域名;
location ~ {
proxy_pass http://127.0.0.1:端口;
include proxy.conf;
}
}
