https加密解密原理

 Nginx单台实现HTTPS实战

ssl.oldboylinux.cn 

server {
  listen 80;
  server_name ssl.oldboylinux.cn;
  return 302 https:ssl.oldboylinux.cn$request_uri;
 }



 server {
  listen 443 ssl;
  server_name ssl.oldboylinux.cn;
  #指定证书
  ssl_certificate        /etc/nginx/key/6704089_ssl.oldboylinux.cn.pem;
  ssl_certificate_key   /etc/nginx/key/6704089_ssl.oldboylinux.cn.key;
  root /app/code/ssl;
  location / {
    index index.html;
     }
}

集群中https配置

upstream ssl_pools {
  server 10.0.0.7:80;
}
server {
  listen 80;
  server_name ssl.oldboylinux.cn;
  return 302 https:ssl.oldboylinux.cn$request_uri;
}


server {
  listen 443 ssl;
  server_name ssl.oldboylinux.cn;
  #指定证书
  ssl_certificate     /etc/nginx/key/6704089_ssl.oldboylinux.cn.pem;
  #指定私钥
  ssl_certificate_key /etc/nginx/key/6704089_ssl.oldboylinux.cn.key;

  location  / {
    proxy_pass http:ssl_pools;
    proxy_set_header Host $http_host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  }
}

 *2)配置后端两台web节点监听80端口,如已配置则无需修改

4. https应用场景
纯静态页面(展示页面)只使用 http协议(静态不涉及动态请求)
·只要有动态信息,推荐使用https

5. https优化
官方最佳实践
·ssl模块中

 ·ssI模块指令补充: