ssl功能实现（需要使用 Nginx 反向代理）参考 #146

eveloki · 2019-12-11T08:07:24Z

看到教程里面提到的实现ssl 的nginx部分说的不太详细尽我所能补充下

第一 nginx反向代理配置
默认http端口为80 ssl端口为443

这部分是http强制重定向到https（443）看你自己需要不需要

server {
	       listen 80 default_server;
		listen [::]:80 default_server;
	        #redirect all HTTP requests to HTTPS with a 301 Moved Permanently response.
		return 301 https://$host$request_uri;
	}

反向代理部分很重要


server {
		listen 443ssl http2; #443就是开放的https端口
		listen [::]:443ssl http2;
                # 常规的ssl证书配置
		# certs sent to the client in SERVER HELLO are concatenated in ssl_certificate
		ssl_certificate /nginx-1.17.5/path/to/???????.crt;
		ssl_certificate_key /nginx-1.17.5/path/to/???????.key;
		ssl_session_timeout 1d;
		ssl_session_cache shared:MozSSL:10m;  # about 40000 sessions
		ssl_session_tickets off;
                # dhparam 设置 如果不清楚就注释掉
		# curl https://ssl-config.mozilla.org/ffdhe2048.txt > /path/to/dhparam.pem
		ssl_dhparam /nginx-1.17.5/path/to/dhparam.pem;
                
                # 推荐安全配置
		# intermediate configuration
		ssl_protocols TLSv1.2 TLSv1.3;
		ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
		ssl_prefer_server_ciphers off;

		# OCSP stapling
		ssl_stapling on;
		ssl_stapling_verify on;

		# verify chain of trust of OCSP response using Root CA and Intermediate certs
		ssl_trusted_certificate /nginx-1.17.5/path/to/TrustAsiaTLSECCCA.crt;

		# replace with the IP address of your resolver
		resolver 223.5.5.5 223.6.6.6 114.114.114.114 valid=3600s;
		
		#向上游服务器传变量
                #核心转发 第一步 反向代理web服务
		location / {
		    proxy_set_header Host $host;   
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-F $proxy_add_x_forwarded_for;
			proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
            proxy_pass http://127.0.0.1:23333;  # 这里要填写本地面板地址
        }
          #核心转发 第而步 反向代理websocket服务
		location /websocket/ws {
		    proxy_set_header Host $host;   
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-F $proxy_add_x_forwarded_for;
			proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
            proxy_pass http://127.0.0.1:23333/websocket/ws; # 这里要填写本地面板websocket地址
        }
	}

第二 public\common\URL.js里面需要修改参考以下范本

//标准的URL定位器
//如果你的程序不在根目录，可以考虑更改这里，或者你有什么其他姿势。
//如果你需要反向代理加入SSL，请更改此处


//某些 login 页面没有 MCSERVER 全局变量，在此实例化
if (window.MCSERVER == undefined) window.MCSERVER = {};

var protocolStr = document.location.protocol;
if(protocolStr == "http:")
{
   console.log("protocol = " + protocolStr);
   //Ws 默认协议
MCSERVER.WS_PROTOCOL = 'ws://';
//HTTP 默认协议
MCSERVER.HTTP_PROTOCOL = 'http://';
}
else if(protocolStr == "https:")
{
   console.log("protocol = " + protocolStr);
   //Ws 默认协议
MCSERVER.WS_PROTOCOL = 'wss://';
//HTTP 默认协议
MCSERVER.HTTP_PROTOCOL = 'https://';
}



//URL定位器
MCSERVER.URL = function (url, protocol) {
	var _protocol = protocol || MCSERVER.HTTP_PROTOCOL;
	var hostName = window.location.host;
	var openURL = hostName + '/' + url;
	return _protocol + openURL;
};

这个修改说明仅限当前版本（8.5.8）
有那位大佬帮我优化下排版呗。。。。。。。这个排版真难用

The text was updated successfully, but these errors were encountered:

eveloki · 2019-12-11T08:17:39Z

最终效果图功能完全正常

YuMao233 · 2019-12-12T10:24:28Z

感谢提供！谢谢为此项目做的贡献

参考：#146

bddjr · 2023-04-09T10:57:04Z

考古

eveloki closed this as completed Dec 15, 2019

YuMao233 added a commit that referenced this issue Dec 17, 2019

新增 146 issue 到 readme.md

87465a0

参考：#146

YuMao233 mentioned this issue Jan 9, 2020

MCSM的localhost:23333服务+tcp隧道+Nginx反向代理，可以进行登录，但一直显示正在传输资源 #156

Closed

xrh0905 mentioned this issue Sep 25, 2021

自适应HTTPS #486

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

ssl功能实现（需要使用 Nginx 反向代理）参考 #146

ssl功能实现（需要使用 Nginx 反向代理）参考 #146

eveloki commented Dec 11, 2019 •

edited by YuMao233

Loading

eveloki commented Dec 11, 2019

YuMao233 commented Dec 12, 2019

bddjr commented Apr 9, 2023

ssl功能实现（需要使用 Nginx 反向代理 ）参考 #146

ssl功能实现（需要使用 Nginx 反向代理 ）参考 #146

Comments

eveloki commented Dec 11, 2019 • edited by YuMao233 Loading

这部分是http强制重定向到https（443） 看你自己需要不需要

反向代理部分 很重要

第二 public\common\URL.js里面需要修改 参考以下范本

eveloki commented Dec 11, 2019

YuMao233 commented Dec 12, 2019

bddjr commented Apr 9, 2023

ssl功能实现（需要使用 Nginx 反向代理）参考 #146

ssl功能实现（需要使用 Nginx 反向代理）参考 #146

eveloki commented Dec 11, 2019 •

edited by YuMao233

Loading

这部分是http强制重定向到https（443）看你自己需要不需要

反向代理部分很重要

第二 public\common\URL.js里面需要修改参考以下范本