1)創建文件myapp.conf
與此內容:
server {
listen 443;
client_max_body_size 2048M;
client_body_buffer_size 2048M;
disable_symlinks off;
server_name yourdomain.com www.yourdomain.com;
root /opt/somefolder/myapp/public; # or remove it
index index.html index.htm;
ssl on;
ssl_certificate /opt/somefolder/myapp/certs/server.crt;
ssl_certificate_key /opt/somefolder/myapp/certs/server.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
ssl_session_cache shared:SSL:1m;
location @app {
log_not_found off;
access_log off;
proxy_pass https://127.0.0.1:8443;
proxy_http_version 1.1;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_cache_bypass $http_upgrade;
}
location/{
try_files $uri $uri/ @app;
}
}
2)複製或符號鏈接myapp.conf
文件/etc/nginx/sites-enabled/myapp.conf
3)中的NodeJS應用聽的https:
var
express = require('express'),
https = require('https'),
fs = require('fs'),
path = require('path'),
app = express();
var httpsServer =
https.createServer({
key: fs.readFileSync(path.join(__dirname, 'certs', 'server.key')),
cert: fs.readFileSync(path.join(__dirname, 'certs', 'server.crt'))
}, app);
httpsServer.listen(8443, '127.0.0.1', function() {
console.log('App listening');
});
4)重啓nginx
5)啓動該應用程序使用forever
或pm2
我對proxy_pass有點不清楚:https://127.0.0.1:8443; 我的服務器目前正在收聽5505.我可以設置它嗎? – shanwar
當然,我舉了一個例子,並不嚴格:「必須這樣做」。請記住,nginx將處理443上的請求,並將代理傳遞給5505,以便您必須在不需要節點的情況下請求api或其他節點:5505 – num8er
@shanwar現在是否按照您的要求工作? (: – num8er