Open uniquejava opened 6 years ago
(Recommended) Modify the Unencrypted Virtual Host File to Redirect to HTTPS
As it stands now, the server will provide both unencrypted HTTP and encrypted HTTPS traffic. For better security, it is recommended in most cases to redirect HTTP to HTTPS automatically. If you do not want or need this functionality, you can safely skip this section.
To redirect all traffic to be SSL encrypted, create and open a file ending in .conf in the /etc/httpd/conf.d
directory:
sudo vi /etc/httpd/conf.d/non-ssl.conf
Inside, create a VirtualHost block to match requests on port 80. Inside, use the ServerName directive to again match your domain name or IP address. Then, use Redirect to match any requests and send them to the SSL VirtualHost. Make sure to include the trailing slash: /etc/apache2/sites-available/000-default.conf
<VirtualHost *:80>
ServerName www.example.com
Redirect "/" "https://www.example.com/"
</VirtualHost>
以上配置就是把所有的http://www.example.com
重定向为https://www.example.com
.
Save and close this file when you are finished.
sudo apachectl configtest
sudo systemctl restart httpd.service
需求
有一个后端nodejs项目, 假设通过
npm start
运行在 http://domain.com:9000/api/cool 有一个前端vuejs项目, 假设通过npm run serve
运行在 http://domain.com:3000, 大家通过http://domain.com:3000 可以访问到前台这个SPA应用.我想:
思路
首先这个
npm run dev
是vue通过webpack启动的test server(基于expressjs) 以开发模式运行的, 不适合production. 可以通过npm run build
将前台的代码编译到dist目录 dist目录中都是静态文件, 随便找个服务器都可以serve. 有nginx和apache可以选择. 出于简单并且用户量不是很大的考虑, 我安装了apache然后配置好了https, 并且所有的http请求自动转向到https. 此时前台可以通过https访问, 但是前台通过ajax调用后台nodejs上的http api时, 出现跨域问题(协议不匹配) 可以改造nodejs, 让其支持https, 更简单的办法是在apache上配置反向代理, 比如将所有的https://domain.com/api
的请求映射到http://domain.com:8000/api
上参考了下面这多资料:
RHEL7 安装apache server
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/system_administrators_guide/ch-web_servers#s1-The_Apache_HTTP_Server
RHEL7 配置apache https
https://www.digitalocean.com/community/tutorials/how-to-create-an-ssl-certificate-on-apache-for-centos-7
配置apache反向代理
https://tecadmin.net/setup-apache-as-reverse-proxy-for-tomcat/
https://www.digitalocean.com/community/tutorials/how-to-use-apache-http-server-as-reverse-proxy-using-mod_proxy-extension
如果是http就配置到
/etc/httpd/conf.d/non-ssl.conf(文件不存在则新建)
, 如果是https就配置到/etc/httpd/conf.d/ssl.conf
,sudo vim /etc/httpd/conf.d/ssl.conf sudo apachectl configtest sudo systemctl restart httpd.service
其它
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/managing_confined_services/chap-managing_confined_services-the_apache_http_server