在 centOS 中使用 ssl 保护 tileserver-gl
Secure tileserver-gl using ssl in centOS
我有sudo docker run -d --restart unless-stopped -it -v $(pwd):/data -p 81:80 maptiler/tileserver-gl运行。我可以访问 http://mypage.com:81 just fine. However, I wanted to access https://mypage.com:81。我有一个有效的证书,但它无法使用 https 协议。下面是我的 nginx.conf 文件。
server {
listen 80;
listen [::]:80 default_server;
listen 443 ssl http2 default_server;
listen [::]:443 ssl http2 default_server;
server_name mypage.com;
root /usr/share/nginx/html;
ssl_certificate "/etc/pki/nginx/certs/mypage.com.crt";
ssl_certificate_key "/etc/pki/nginx/certs/mypage.com.key";
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 10m;
ssl_ciphers PROFILE=SYSTEM;
ssl_prefer_server_ciphers on;
# Load configuration files for the default server block.
include /etc/nginx/default.d/*.conf;
location / {
proxy_pass http://localhost:80;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;
}
这里的解决方法是
server {
listen 81 ssl;
listen [::]:81 ssl;
listen 443 ssl http2 default_server;
listen [::]:443 ssl http2 default_server;
server_name mypage.com;
root /usr/share/nginx/html;
ssl_certificate "/etc/pki/nginx/certs/mypage.com.crt";
ssl_certificate_key "/etc/pki/nginx/certs/mypage.com.key";
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 10m;
ssl_ciphers PROFILE=SYSTEM;
ssl_prefer_server_ciphers on;
# Load configuration files for the default server block.
include /etc/nginx/default.d/*.conf;
location / {
proxy_pass http://localhost:80;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;
}
在端口 80 上观察 ssl。
我有sudo docker run -d --restart unless-stopped -it -v $(pwd):/data -p 81:80 maptiler/tileserver-gl运行。我可以访问 http://mypage.com:81 just fine. However, I wanted to access https://mypage.com:81。我有一个有效的证书,但它无法使用 https 协议。下面是我的 nginx.conf 文件。
server {
listen 80;
listen [::]:80 default_server;
listen 443 ssl http2 default_server;
listen [::]:443 ssl http2 default_server;
server_name mypage.com;
root /usr/share/nginx/html;
ssl_certificate "/etc/pki/nginx/certs/mypage.com.crt";
ssl_certificate_key "/etc/pki/nginx/certs/mypage.com.key";
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 10m;
ssl_ciphers PROFILE=SYSTEM;
ssl_prefer_server_ciphers on;
# Load configuration files for the default server block.
include /etc/nginx/default.d/*.conf;
location / {
proxy_pass http://localhost:80;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;
}
这里的解决方法是
server {
listen 81 ssl;
listen [::]:81 ssl;
listen 443 ssl http2 default_server;
listen [::]:443 ssl http2 default_server;
server_name mypage.com;
root /usr/share/nginx/html;
ssl_certificate "/etc/pki/nginx/certs/mypage.com.crt";
ssl_certificate_key "/etc/pki/nginx/certs/mypage.com.key";
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 10m;
ssl_ciphers PROFILE=SYSTEM;
ssl_prefer_server_ciphers on;
# Load configuration files for the default server block.
include /etc/nginx/default.d/*.conf;
location / {
proxy_pass http://localhost:80;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;
}
在端口 80 上观察 ssl。