在springboot实现了ssl功能之后,还要再同一台服务器部署一个静态页面用于其他的需求。选用的是Nginx,配置了ssl,动态网址+静态页面。
这里还是把springboot应用的ssl功能屏蔽了,直接暴露了8080端口,然后通过Nginx指向到8080。具体配置看下面
# nginx.conf #user nobody; worker_processes 1; #error_log logs/error.log; #error_log logs/error.log notice; #error_log logs/error.log info; #pid logs/nginx.pid; events { worker_connections 1024; } http { include mime.types; default_type application/octet-stream; #log_format main '$remote_addr - $remote_user [$time_local] "$request" ' # '$status $body_bytes_sent "$http_referer" ' # '"$http_user_agent" "$http_x_forwarded_for"'; #access_log logs/access.log main; sendfile on; #tcp_nopush on; #keepalive_timeout 0; keepalive_timeout 65; charset utf-8; #gzip on; server{ #下面配置会报异常“[warn] the "ssl" directive is deprecated, use the "listen ... ssl" directive instead” #ssl on #这样才是正确的 listen 443 ssl; server_name www.xxx.com; #证书文件 ssl_certificate /etc/certs/cert.pem; ssl_certificate_key /etc/certs/cert.key; ssl_session_timeout 5m; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE; ssl_prefer_server_ciphers on; #swagger相关 location /swagger-ui.html { proxy_set_header Host $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Port $server_port; proxy_pass http://127.0.0.1:8080/swagger-ui.html; } location /swagger-resources { proxy_set_header Host $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Port $server_port; proxy_pass http://127.0.0.1:8080/swagger-resources; } location /v2/api-docs { proxy_set_header Host $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Port $server_port; proxy_pass http://127.0.0.1:8080/v2/api-docs; } location /webjars { proxy_set_header Host $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Port $server_port; proxy_pass http://127.0.0.1:8080/webjars; } #其他业务url,有多个,省略了 location /wxpay { proxy_set_header Host $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Port $server_port; proxy_pass http://127.0.0.1:8080/wxpay; } #静态页面 location /index.html { root /www/html/; index index.html; } #静态资源(静态页面需要使用的js文件) location /jquery-1.9.1.min.js { root /www/html/; } } server { listen 80; server_name www.xxx.com; #跳转到443端口 rewrite ^/(.*)$ https://www.xxx.com:443/$1 permanent; } }
这里遇到一个坑,就是在静态资源配置的时候这样写的
#静态资源(静态页面需要使用的js文件) location ~* ^.+\.(jpg|jpeg|gif|png|ico|css|js|pdf|txt) { root /www/html/; }
这样是满足静态页面index.html的需求,但是会把swagger相关的静态资源指向/www/html/目录,这肯定是找不到的,所以没办法加载,需要指明文件。
