使用Nginx为Leanote配置Https

摘要：生成证书可以在网上买一个或者自己做一个这里有一个脚本可以自动生成证书假设得到了两个文件配置假设运行的端口是域名为那么可以配置如下本配置只有部分不全强制如果不需要请注释这一行修改路径到下同

可以在网上买一个, 或者自己做一个.
这里有一个shell脚本可以自动生成证书:

#!/bin/sh

# create self-signed server certificate:

read -p "Enter your domain [www.example.com]: " DOMAIN

echo "Create server key..."

openssl genrsa -des3 -out $DOMAIN.key 1024

echo "Create server certificate signing request..."

SUBJECT="/C=US/ST=Mars/L=iTranswarp/O=iTranswarp/OU=iTranswarp/CN=$DOMAIN"

openssl req -new -subj $SUBJECT -key $DOMAIN.key -out $DOMAIN.csr

echo "Remove password..."

mv $DOMAIN.key $DOMAIN.origin.key
openssl rsa -in $DOMAIN.origin.key -out $DOMAIN.key

echo "Sign SSL certificate..."

openssl x509 -req -days 3650 -in $DOMAIN.csr -signkey $DOMAIN.key -out $DOMAIN.crt

假设得到了两个文件: a.com.crt, a.com.key

假设Leanote运行的端口是9000, 域名为a.com, 那么nginx.conf可以配置如下:

# 本配置只有http部分, 不全
http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;
    
    upstream  a.com  {
        server   localhost:9000;
    }

    # http
    server
    {
        listen  80;
        server_name  a.com;
        
        # 强制https
        # 如果不需要, 请注释这一行rewrite
        rewrite ^/(.*) https://jp_linode2.com/$1 permanent;
        
        location / {
            proxy_pass        http://a.com;
            proxy_set_header   Host             $host;
            proxy_set_header   X-Real-IP        $remote_addr;
            proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;
        }
    }
    
    # https
    server
    {
        listen  443 ssl;
        server_name  a.com;
        ssl_certificate     /root/a.com.crt; # 修改路径, 到a.com.crt, 下同
        ssl_certificate_key /root/a.com.key;
        location / {
            proxy_pass        http://a.com;
            proxy_set_header   Host             $host;
            proxy_set_header   X-Real-IP        $remote_addr;
            proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;
        }
    }
}