以配置域名访问 halo 博客为例

1、安装nginx

# 添加 Nginx 源
sudo rpm -Uvh http://nginx.org/packages/centos/7/noarch/RPMS/nginx-release-centos-7-0.el7.ngx.noarch.rpm

# 安装 Nginx
sudo yum install -y nginx

# 启动 Nginx
sudo systemctl start nginx.service

# 设置开机自启 Nginx
sudo systemctl enable nginx.service

2、配置nginx

# 下载 Halo 官方的 Nginx 配置模板
curl -o /etc/nginx/conf.d/halo.conf --create-dirs https://dl.halo.run/config/nginx.conf

# 使用 vim 编辑 halo.conf
vim /etc/nginx/conf.d/halo.conf

打开之后可以看到

server {
    listen 80;

    server_name example.com;

    location / {
        proxy_set_header HOST $host;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        proxy_pass http://127.0.0.1:8090/;
    }
}

注意:请把 example.com 改为自己的域名。

修改完成之后

# 检查配置是否有误
sudo nginx -t

# 重载 Nginx 配置
sudo nginx -s reload

3、配置ssl证书

创建证书存放目录

mkdir -p /etc/nginx/ssl

然后将下载的证书放到 /etc/nginx/ssl 目录下。

image.png

修改 halo.conf 配置文件

vim /etc/nginx/conf.d/halo.conf

修改为如下所示

server {
    listen 80;
    server_name codesensi.top;

    return  301 https://$server_name$request_uri;
}
server {
    listen 443 ssl;

    server_name codesensi.top;
  
    ssl_certificate              /etc/nginx/ssl/4312001_codesensi.top.pem;
    ssl_certificate_key          /etc/nginx/ssl/4312001_codesensi.top.key;
    ssl_session_cache? ?         shared:SSL:1m;
    ssl_session_timeout?         5m;
    ssl_ciphers?                 HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers?   on;
    
    client_max_body_size 1024m;

    location / {
        proxy_set_header HOST $host;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        proxy_pass http://127.0.0.1:8090/;
    }
}

修改完成之后

# 检查配置是否有误
sudo nginx -t

# 重载 Nginx 配置
sudo nginx -s reload

Q.E.D.

知识共享署名-非商业性使用-相同方式共享 4.0 国际许可协议