有数使用自签证书做ip https访问
更新时间: 2024-12-19 16:31:56
1.使用openssl生成自签证书
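# Create a self-signed certificate plus a new 2048-bit RSA private key in one step.
# Replace <SERVER_IP> (placeholder) with the address users will type into the browser:
# clients match an IP address against the certificate's subjectAltName, not its CN, so a
# certificate without an IP SAN still fails name verification after it has been imported
# as trusted. -addext requires OpenSSL 1.1.1 or later.
# -days 36500 makes the certificate valid for about 100 years, so it never forces a
# rotation by expiring; plan key replacement separately.
openssl req -x509 -nodes -days 36500 -newkey rsa:2048 \
  -keyout nginx-selfsigned.key -out nginx-selfsigned.crt \
  -addext "subjectAltName = IP:<SERVER_IP>"
# -nodes stores the private key without a passphrase: keep it readable by its owner only.
chmod 600 nginx-selfsigned.key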
key和crt的文件名可以自定义,但要与后面映射进nginx容器的证书、私钥文件保持对应
2.更改nginx配置如下
# Number of nginx worker processes.
worker_processes 2;
events {
# Upper bound on simultaneous connections handled by one worker process.
worker_connections 65535;
}
http {
# HTTP-level defaults inherited by every server block below.
include mime.types;
default_type application/octet-stream;
# Accept request bodies of up to 1 GB.
client_max_body_size 1g;
sendfile on;
keepalive_timeout 65;
# Wait up to 1200 s for an upstream to send a response.
proxy_read_timeout 1200s;
gzip on;
gzip_comp_level 2;
gzip_min_length 2k;
gzip_types text/css text/javascript application/javascript image/svg+xml application/json;
gzip_vary on;
# Hide the nginx version number in error pages and the Server header.
server_tokens off;
# NOTE(review): this format writes the value of the SESSION_YOUDATA cookie into every
# access-log line. If that cookie carries the login session, anyone who can read the log can
# read live session identifiers - confirm, and restrict read access to the log accordingly.
log_format main '$remote_addr [$cookie_SESSION_YOUDATA] [$time_local] "$request" $status "$http_referer" $request_time $upstream_response_time';
# The access log is written to /access.log, i.e. directly under the filesystem root.
access_log /access.log main;
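server {
    # Plain-HTTP listener: every request is answered with a permanent redirect to HTTPS.
    listen 80;
    # "return 301" with $request_uri sends the client to the same path and query string on
    # HTTPS without running a regex capture over the URI. $host is taken from the request
    # (Host header when present), so the redirect points back at whatever name or IP the
    # client used.
    return 301 https://$host$request_uri;
}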
# Plain-HTTP listener on 8010 that forwards every request to the "backend" service.
# NOTE(review): no TLS and no allow/deny on this port - confirm it is reachable only from
# trusted networks.
server {
listen 8010;
location / {
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# 127.0.0.11 is Docker's embedded DNS server; answers are cached for 30 s.
resolver 127.0.0.11 valid=30s ipv6=off;
# Putting the service name in a variable makes nginx resolve it at request time through the
# resolver above instead of once at startup.
set $svc backend;
proxy_pass http://$svc:8010;
}
}
# Upstream group for the "store" service on port 9090.
upstream store {
server store:9090;
}
# Plain-HTTP listener on 9090 that forwards every path to the store upstream unchanged.
# NOTE(review): no TLS and no allow/deny on this port - confirm it is reachable only from
# trusted networks.
server {
listen 9090;
location / {
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://store;
}
}
# Upstream groups for the web tier.
# NOTE(review): 1.1.1.1 and 2.2.2.2 are presumably placeholders for the real node addresses.
# Both are routable public IPs, so a file deployed with them unchanged would send user
# traffic off-site - replace them before use.
upstream web {
server 1.1.1.1:7000;
}
# Same backend, with a sticky-session cookie named YDNESIO that expires after 2 h.
# "sticky" is not a directive of stock open-source nginx in this form; presumably a
# third-party sticky-session module is compiled into the image - verify which one, since
# the meaning of hmac/hmac_key/secure/sameSite depends on it.
# NOTE(review): hmac_key is a fixed value published with this document (the cookie name in
# lower case), identical in every deployment that copies the file. If the HMAC is meant to
# make the cookie value unguessable or unforgeable, set a random per-deployment key.
upstream web-sticky-sameSite {
server 1.1.1.1:7000;
sticky name=YDNESIO expires=2h hmac=sha1 hmac_key=ydnesio secure sameSite=none;
}
# NOTE(review): unlike the variant above, this cookie is issued without "secure" although
# the group is used from the HTTPS server - confirm that is intended.
upstream web-sticky {
server 1.1.1.1:7000;
sticky name=YDNESIO expires=2h hmac=sha1 hmac_key=ydnesio;
}
# Sticky group used by the listener on 7001 and by one location of the HTTPS server.
upstream inner-web-sticky {
server 2.2.2.2:7000;
sticky name=YDNESIO expires=2h hmac=sha1 hmac_key=ydnesio;
}
# Plain-HTTP listener on 7001 that routes by path to complex-report, flow and the
# inner-web-sticky upstream.
# NOTE(review): no TLS and no allow/deny on this port - confirm it is reachable only from
# trusted networks.
server {
listen 7001;
# 127.0.0.11 is Docker's embedded DNS server; it resolves the service names held in the
# variables below at request time.
resolver 127.0.0.11 valid=30s ipv6=off;
location ^~ /reportmis {
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
set $cr2 complex-report;
proxy_pass http://$cr2:8800;
}
location /process/ {
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
set $flow flow;
proxy_pass http://$flow:10020;
}
# The two exact-match locations below map /api/manage/model/* onto the flow service's
# /process/bpmnjsmodeler/* endpoints.
location = /api/manage/model/saveModelInfo {
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
set $flow flow;
proxy_pass http://$flow:10020/process/bpmnjsmodeler/saveModelInfo;
}
location = /api/manage/model/saveModelByXml {
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
set $flow flow;
proxy_pass http://$flow:10020/process/bpmnjsmodeler/saveModelByXml;
}
# Everything else under /api/manage/ goes to flow:10021/manage/ with the query string kept.
# Unlike its neighbours this location sets no Host or X-Forwarded-* headers.
location ~ ^/api/manage/(.*)$ {
set $flow flow;
proxy_pass http://$flow:10021/manage/$1$is_args$args;
}
location / {
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# Pass the Upgrade handshake through so WebSocket connections work.
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_pass http://inner-web-sticky;
}
}
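# HTTPS entry point: terminates TLS with the self-signed certificate and routes by path to
# the internal services over plain HTTP.
server {
    # TLS is enabled with the "ssl" parameter of listen. The separate "ssl on;" directive is
    # deprecated and rejected by current nginx releases.
    listen 443 ssl default_server;
    # These paths must match where the certificate and key are mounted inside the container.
    ssl_certificate /etc/nginx/server.crt;
    ssl_certificate_key /etc/nginx/server.key;
    # NOTE(review): no ssl_protocols / ssl_ciphers are set, so the defaults of the nginx build
    # apply - confirm that TLS 1.0 and 1.1 are not offered.

    # 127.0.0.11 is Docker's embedded DNS server; it resolves the service names held in the
    # variables below at request time.
    resolver 127.0.0.11 valid=30s ipv6=off;

    # $proxy_add_x_forwarded_for appends the client address to any X-Forwarded-For header the
    # client sent, so backends must not treat the leading entries as trustworthy.

    location ^~ /index/ {
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-Host $http_host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
        set $svc website;
        proxy_pass http://$svc:9000;
    }

    location ^~ /api/dash {
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-Host $http_host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
        # API responses must not be stored by browser or intermediate caches.
        add_header Cache-Control no-store;
        proxy_pass http://web;
    }

    location ^~ /dash/socket.io/ {
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-Host $http_host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
        # Pass the Upgrade handshake through so WebSocket connections work.
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        # Use the sticky upstream whose cookie carries "secure sameSite=none" when the
        # request's YOUDATA.sameSite cookie is set, and the plain sticky upstream otherwise.
        set $webs "web-sticky";
        if ($cookie_YOUDATA.sameSite) {
            set $webs "web-sticky-sameSite";
        }
        proxy_pass http://$webs;
    }

    # Deny this one store endpoint on the HTTPS listener.
    # NOTE(review): the rule matches this exact URI on this server only; the listener on 9090
    # forwards every path to the same upstream, so confirm that port is not reachable from
    # untrusted networks.
    location = /dash/store/webrpc {
        return 403;
    }

    location = /api/dash/util/pushTableByMammut {
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-Host $http_host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header Connection "Upgrade";
        proxy_pass http://inner-web-sticky;
    }

    # The trailing slash on proxy_pass replaces the /dash/store/ prefix with /, and the Host
    # header is pinned to nginx:9090 instead of the client-supplied value.
    location ^~ /dash/store/ {
        proxy_set_header Host nginx:9090;
        proxy_pass http://store/;
    }

    location ^~ /operation {
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-Host $http_host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
        set $svc backend;
        proxy_pass http://$svc:8010;
    }

    location ^~ /cache {
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-Host $http_host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
        set $sc smartcache;
        proxy_pass http://$sc:7002;
    }

    location /process/ {
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-Host $http_host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
        set $flow flow;
        proxy_pass http://$flow:10020;
    }

    # The two exact-match locations below map /api/manage/model/* onto the flow service's
    # /process/bpmnjsmodeler/* endpoints.
    location = /api/manage/model/saveModelInfo {
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-Host $http_host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
        set $flow flow;
        proxy_pass http://$flow:10020/process/bpmnjsmodeler/saveModelInfo;
    }

    location = /api/manage/model/saveModelByXml {
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-Host $http_host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
        set $flow flow;
        proxy_pass http://$flow:10020/process/bpmnjsmodeler/saveModelByXml;
    }

    # Everything else under /api/manage/ goes to flow:10021/manage/ with the query string
    # kept. Unlike its neighbours this location sets no Host or X-Forwarded-* headers.
    location ~ ^/api/manage/(.*)$ {
        set $flow flow;
        proxy_pass http://$flow:10021/manage/$1$is_args$args;
    }

    location ^~ /api/mammutIndicator/sync {
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-Proto https;
        set $ma mammut-adapter;
        proxy_pass http://$ma:8888;
    }

    location ^~ /reportmis {
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-Host $http_host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
        set $cr complex-report;
        proxy_pass http://$cr:8800;
    }

    # NOTE(review): this regex is unanchored, so it matches any URI that contains "/monitor",
    # not only paths that start with it. The monitoring UI behind it is published on the same
    # listener as the application - confirm the upstream enforces its own authentication.
    location ~ /monitor {
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-Host $http_host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
        set $gf grafana;
        proxy_pass http://$gf:3000;
    }

    # NOTE(review): publishes the container-management UI under /stackadmin/ on the same
    # listener as the application. Nothing in this file restricts who may reach it, so access
    # control rests entirely on the upstream's own login - consider an allow/deny list here.
    location ~ ^/stackadmin/(.*)$ {
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-Host $http_host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
        set $pt portainer;
        proxy_pass http://$pt:9000/$1$is_args$args;
    }

    # Default route: everything not matched above goes to the web upstream.
    location / {
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-Host $http_host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
        proxy_pass http://web;
    }
}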
}
# TCP (layer-4) proxying, separate from the http block above.
stream {
upstream redis {
server redis:6379;
}
# Forwards raw TCP connections arriving on port 6379 to the redis service.
# NOTE(review): there is no allow/deny rule and no TLS on this listener, so anyone who can
# reach port 6379 on this host talks to Redis directly. Confirm the port is firewalled to
# trusted hosts and that Redis itself requires authentication.
server {
listen 6379;
# Close a session after 30 minutes without traffic in either direction.
proxy_timeout 30m;
proxy_pass redis;
}
# The below config is for using gpfdist in DE
# To use gpfdist, please make sure that the servers of MPP can connect to the Youdata BI servers
# and uncomment the below config and the gploader in the stack yaml file.
# upstream gploader_stream {
# server gploader:8090;
# }
# server {
# listen 8070;
# proxy_pass gploader_stream;
# }
}
3.修改nginx服务处映射,将证书和私钥映射进nginx容器(对应上面配置中的 /etc/nginx/server.crt 和 /etc/nginx/server.key)
4.修改完以上配置后,执行以下命令
dsd docker-stack.youdata818.yaml youdata
5.配置完成后,使用ip通过https访问时,浏览器会提示连接不安全。这是因为证书是自签的、不受浏览器信任,属于预期现象;传输本身仍经过TLS加密,但客户端无法据此验证服务器身份