原因现在网站使用HTTPS是规范操作之一,前些日子买了腾讯云服务,同时申请了域名http://www.asap2me.top/,目前该域名只支持HTTP,想升级为HTTPS。关于HTTPS的链接过程大家可以看我的这篇文章HTTPS连接过程。使用http访问是正常的:使用https访问报错:环境目前环境是:Centos7.6Web服务:GoLangWeb服务端口号:8080操作因为Web服务是GoLang写的,所以思路是搭建Nginx反向代理,Nginx上配置证书,将请求代理到Go服务上。申请证书申请证书的方案很多,可以从Let's Encrypt申请,因为我的域名是从腾讯云上买的,所以直接在腾讯云上申请免费证书位置:https://console.cloud.tencent.com/ssl查看域名验证状态,一般需要5分钟左右才能通过,如果报错,可以过会重新验证,验证状态成功后申请完成后,可以下载证书安装Nginx安装Nginx的过程中,要记得把ssl模块一起安装上,否则会报错nginx: [emerg] the "ssl" parameter requires ngx_http_ssl_module in /usr/local/nginx/conf/nginx.confyum install gcc-c++
yum install -y pcre pcre-devel
yum install -y zlib zlib-devel
yum install -y openssl openssl-devel
wget -c https://nginx.org/download/nginx-1.12.0.tar.gz
tar -zxvf nginx-1.12.0.tar.gz
cd nginx-1.12.0
./configure –prefix=/usr/local/nginx –with-http_stub_status_module –with-http_ssl_module
make
make install安装完毕后,在/usr/local/nginx/目录下会有nginx的相关文件上传证书在云服务器上创建ssl目录,位置为/usr/local/nginx/ssl将申请到的证书上传到该位置,共两个文件,一个crt,一个keyNginx配置编辑Nginx配置,nginx.conf#user nobody;
worker_processes 1;
#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
#pid logs/nginx.pid;
events {
worker_connections 1024;
}
http {
include mime.types;
include /usr/local/nginx/conf/vhost/*.conf;
default_type application/octet-stream;
#log_format main '$remote_addr – $remote_user [$time_local] "$request" '
# '$status $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for"';
#access_log logs/access.log main;
sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
#gzip on;
server {
listen 80;
listen 443 ssl;
server_name www.asap2me.top;
#charset koi8-r;
#access_log logs/host.access.log main;
ssl_certificate /usr/local/nginx/ssl/asap2me.crt;
ssl_certificate_key /usr/local/nginx/ssl/asap2me.key;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 5m;
ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
# location / {
# root html;
# index index.html index.htm;
# }
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $http_x_forwarded_for;
proxy_pass http://go_backend;
}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
}对于这个配置,有几个地方需要说明一下:listen 443 ssl; 监听443端口include /usr/local/nginx/conf/vhost/*.conf; 创建vhost目录,里面存放其他配置文件ssl配置 ssl_certificate /usr/local/nginx/ssl/asap2me.crt; ssl_certificate_key /usr/local/nginx/ssl/asap2me.key; ssl_session_cache shared:SSL:10m; ssl_session_timeout 5m; ssl_protocols TLSv1.2 TLSv1.1 TLSv1; ssl_ciphers HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on;请求转发 location / { proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $http_x_forwarded_for; proxy_pass http://go_backend; }go_backend的配置如下,go_back_upstream.confupstream go_backend{
server 127.0.0.1:8080 weight=1 max_fails=2 fail_timeout=10s;
}验证现在让我们验证一下效果:http正常https正常总结将http升级为https,分如下几步申请证书将证书存放到代理机器上不同代理,如Nginx、Apache、Tomcat,做对应的配置验证资料快速签发 Let's Encrypt 证书指南https://www.cnblogs.com/esofar/p/9291685.htmlHTTPS 免费证书申请和应用https://cloud.tencent.com/document/product/627/41141?from=information.detail.%E8%85%BE%E8%AE%AF%E4%BA%91%E4%B8%8B%E8%BD%BDhttps%E8%AF%81%E4%B9%A6域名型(DV)免费证书申请流程https://cloud.tencent.com/document/product/400/6814后端服务轻松切换HTTPShttps://www.songma.com/news/txtlist_i25496v.htmlCentOS7安装Nginxhttps://www.cnblogs.com/boonya/p/7907999.htmlhttps://www.cnblogs.com/ghjbk/p/6744131.html ngx_http_ssl_module最后大家如果喜欢我的文章,可以关注我的公众号(程序员麻辣烫)我的个人博客为:https://shidawuhen.github.io/往期文章回顾:技术Go通道实现原理Go定时器实现原理HTTPS连接过程限流实现2秒杀系统分布式系统与一致性协议微服务之服务框架和注册中心Beego框架使用浅谈微服务TCP性能优化限流实现1Redis实现分布式锁Golang源码BUG追查事务原子性、一致性、持久性的实现原理CDN请求过程详解常用缓存技巧如何高效对接第三方支付Gin框架简洁版InnoDB锁与事务简析算法总结读书笔记资治通鉴敏捷革命如何锻炼自己的记忆力简单的逻辑学-读后感热风-读后感论语-读后感孙子兵法-读后感思考项目流程管理对项目管理的一些看法对产品经理的一些思考关于程序员职业发展的思考关于代码review的思考Markdown编辑器推荐-typora