nginx 1.18配置ssl问题

把一个NETCORE网站部署到NGINX上,按微软官方文档弄好了 https://docs.microsoft.com/zh-cn/aspnet/core/host-and-deploy/linux-nginx?view=aspnetcore-3.1

想配置SSL的HTTPS证书,腾讯云上申请了免费的,之前在WIN+IIS 配置是成功的,按网上的弄好了,我的用的是宝塔的NGINX,可以在网页上建立网站了改NGINX配置文件就行了,

配置好后重启NGINX了,结果不行的,搜索一翻,原来是centos服务器自带的firewall防火墙的问题,https://www.jianshu.com/p/17b73ad6a4b8, xshel上运行以下命令就行了



firewall-cmd --zone=public --add-port=443/tcp --permanent  增加443端口

firewall-cmd --reload  重启防火墙



或者直接就把防火墙停掉


systemctl stop firewalld


其他备注:

在xshell 里登录LINUX服务器后,输入BT命令,可以查看宝塔默认的安装信息



以下是我的nginx配置文件:

 server {
listen 80;
server_name tudi.niunan.net;
location / {
proxy_pass http://localhost:5000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection keep-alive;
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
}
} 
server {
     #SSL 访问端口号为 443
     listen 443 ssl; 
     #填写绑定证书的域名
     server_name tudi.niunan.net;
     #证书文件名称
     ssl_certificate /www/server/nginx/conf/1_tudi.niunan.net_bundle.crt; 
     #私钥文件名称
     ssl_certificate_key /www/server/nginx/conf/2_tudi.niunan.net.key; 
     ssl_session_timeout 5m;
     #请按照以下协议配置
     ssl_protocols TLSv1 TLSv1.1 TLSv1.2; 
     #请按照以下套件配置,配置加密套件,写法遵循 openssl 标准。
     ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE; 
     ssl_prefer_server_ciphers on;
     location / {
proxy_pass http://localhost:5000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection keep-alive;
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;

     }
 }