###### Tags: `Nginx` `SSL` `Reverse Proxy`

# Nginx

## Usage on Windows

[Reference](https://topic.alibabacloud.com/tc/a/nginx-the-next-301-ways-to-redirect-domain-names-_nginx_8_8_20105588.html)

## SSL configuration generator

[SSL Configuration Generator](https://ssl-config.mozilla.org/)

### Configuration file path

nginx\conf\nginx.conf

### Configuration contents

```nginx
#user  nobody;
worker_processes  1;

error_log  logs/error.log;
error_log  logs/error.log  notice;
error_log  logs/error.log  info;

pid        logs/nginx.pid;

events {
    worker_connections  1024;
}

http {
    # server {
    #     listen 80;
    #     server_name fixer2.cdc.gov.tw www.fixer2.cdc.gov.tw;
    # }

    server {
        listen 443 ssl;
        server_name rental2.cdc.gov.tw www.rental2.cdc.gov.tw;

        # SSL certificate configuration (replace with your actual SSL certificate details)
        ssl_certificate TWCA.crt;
        ssl_certificate_key TWCA.key;

        if ($host != rental2.cdc.gov.tw ) {
            rewrite ^/(.*)$ https://rental2.cdc.gov.tw/$1 permanent;
        }

        keepalive_timeout 70;

        location / {
            proxy_pass http://127.0.0.1:3030/;  # Replace with your actual backend server
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;

            # Enable WebSocket support (if needed)
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
        }

        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
            root /usr/share/nginx/html;
        }
    }
}
```

### Explanation of individual settings

#### Redirect requests made by IP address to the domain

```nginx
server {
    listen 443 ssl;
    server_name rental2.cdc.gov.tw www.rental2.cdc.gov.tw;
    # --------------
    # Any request whose Host is not this domain is redirected to the domain
    if ($host != rental2.cdc.gov.tw ) {
        rewrite ^/(.*)$ https://rental2.cdc.gov.tw/$1 permanent;
    }
}
# --------------
```

#### Backend to forward to: proxy_pass

```nginx
server {
    listen 443 ssl;
    server_name rental2.cdc.gov.tw www.rental2.cdc.gov.tw;
    # --------------
    # Forward requests to the backend application
    location / {
        proxy_pass http://127.0.0.1:3030/;  # Replace with your actual backend server
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # Enable WebSocket support (if needed)
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
    # --------------
}
```

### SSL

```nginx
server {
    listen 443 ssl;
    server_name rental2.cdc.gov.tw www.rental2.cdc.gov.tw;

    # SSL certificate configuration (replace with your actual SSL certificate details)
    ssl_certificate TWCA.crt;
    ssl_certificate_key TWCA.key;
    # --------------
}
```

### nginx commands

Run PowerShell in the nginx folder.

* Reload: `.\nginx.exe -s reload`
* Reopen: `.\nginx.exe -s reopen`
* Shut down: `.\nginx.exe -s quit`

---

# SSL certificate setup

[Reference](https://blog.user.today/windows-pfx-to-crt-key-file/)

## Using OpenSSL

Run PowerShell in C:\Program Files\OpenSSL-Win64\bin.

## Converting the .pfx

### Generate the .crt from the .pfx

You will be prompted for the password.

```powershell
.\openssl.exe pkcs12 -in D:/TWCA.pfx -clcerts -nokeys -out D:/TWCA.crt
```

### Generate the .key from the .pfx

You will be prompted for the password.

```powershell
.\openssl.exe pkcs12 -in D:/TWCA.pfx -nocerts -out D:/newTWCA.key
```

### Remove the passphrase from the .key

You will be prompted for the password.

```powershell
.\openssl.exe rsa -in D:/newTWCA.key -out D:/TWCA.key
```

### Generate a .pem from the .pfx

You will be prompted for the password.

```powershell
.\openssl.exe pkcs12 -in D:/TWCA.pfx -nocerts -out D:/keyForSynology.pem -nodes
```

### Convert the .pem contents to RSA

You will be prompted for the password.

```powershell
.\openssl.exe rsa -in D:/keyForSynology.pem -out D:/rsa_keyForSynology.pem
```
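
The conversion steps above leave `TWCA.crt` and a passphrase-free `TWCA.key` on `D:\`. The PowerShell script below is an added example, not part of the original page: it checks that the certificate and key carry the same public key, restricts the ACL on the key file, and flags other key files that are stored unencrypted. It assumes the file paths used in the commands above and that nginx runs as an administrator or as SYSTEM.

```powershell
# Added example, not from the original page. Paths follow the commands above.
$openssl = 'C:\Program Files\OpenSSL-Win64\bin\openssl.exe'
$crt = 'D:\TWCA.crt'
$key = 'D:\TWCA.key'

function Get-PublicKeyHash {
    param([string[]]$OpenSslArgs)
    # openssl prints the public key as PEM text; hash it so two sources can be compared.
    $pem = (& $openssl @OpenSslArgs) -join "`n"
    if ($LASTEXITCODE -ne 0 -or -not $pem) { throw "openssl $($OpenSslArgs -join ' ') failed" }
    $sha = [System.Security.Cryptography.SHA256]::Create()
    try { return [System.BitConverter]::ToString($sha.ComputeHash([System.Text.Encoding]::ASCII.GetBytes($pem))) }
    finally { $sha.Dispose() }
}

function Test-UnencryptedKey {
    param([string]$Path)
    $text = Get-Content -Raw -LiteralPath $Path
    # Encrypted PEM keys carry "ENCRYPTED" in the BEGIN line or in a Proc-Type header.
    return ($text -match '-----BEGIN (RSA )?PRIVATE KEY-----') -and
           ($text -notmatch 'Proc-Type: 4,ENCRYPTED')
}

# 1. The certificate and the key nginx will load must carry the same public key.
$certHash = Get-PublicKeyHash @('x509', '-in', $crt, '-noout', '-pubkey')
$keyHash  = Get-PublicKeyHash @('pkey', '-in', $key, '-pubout')
if ($certHash -ne $keyHash) { throw "$crt and $key do not belong together" }
Write-Host "OK: $crt matches $key"

# 2. TWCA.key has no passphrase, so its ACL is the only protection it has.
#    Remove inherited entries; allow only Administrators (S-1-5-32-544) and SYSTEM (S-1-5-18).
#    Assumption: nginx runs under one of these; otherwise grant its account :R as well.
& icacls.exe $key /inheritance:r /grant:r '*S-1-5-32-544:F' '*S-1-5-18:R'
if ($LASTEXITCODE -ne 0) { throw "icacls failed on $key" }

# 3. List the other key files from the conversion steps that are stored unencrypted.
$others = 'D:\newTWCA.key', 'D:\keyForSynology.pem', 'D:\rsa_keyForSynology.pem'
foreach ($file in $others) {
    if ((Test-Path -LiteralPath $file) -and (Test-UnencryptedKey $file)) {
        Write-Warning "$file holds an unencrypted private key; remove it once it has been deployed"
    }
}
```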