1 安装 Nginx {#heading-1}

yum install gcc pcre-devel openssl-devel -y && \
cd /opt && \
wget http://nginx.org/download/nginx-1.20.2.tar.gz && \
tar -zxvf nginx-1.20.2.tar.gz && \
cd nginx-1.20.2 && \
./configure --prefix=/opt/nginx --with-http_stub_status_module --with-http_ssl_module  --with-http_realip_module --with-stream && \
make && make install

2 修改 Nginx 配置 {#heading-2}

备份配置文件：

cp /opt/nginx/conf/nginx.conf /opt/nginx/conf/nginx.conf.bak

将下列 server 加入 nginx.conf：

vim nginx.conf
 server { #强制跳转 https
    listen       80;
    #修改为实际环境的域名
    server_name  bi.ipsunshine.net;
    return      301 https://$server_name$request_uri;
 }
 server {
            listen 443 ssl;
	#修改为实际环境的域名
            server_name <域名>;
	#修改为实际证书
            ssl_certificate dataease.top_bundle.crt;
            ssl_certificate_key dataease.top.key;
            ssl_session_timeout 1d;
            ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
            ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
            ssl_prefer_server_ciphers on;
            location / {
		#将IP和端口改为DataEase服务器的访问地址和端口
                    proxy_pass   http://172.31.0.48:9876/;
                    server_name_in_redirect off;
                    # websocket 代理
                    proxy_http_version      1.1;
                    proxy_set_header        Upgrade         $http_upgrade;
                    proxy_set_header        Connection "upgrade";

                    proxy_redirect             http:// https://;
                    proxy_set_header           Host $host:$server_port;
                    proxy_set_header           X-Real-IP $remote_addr;
                    proxy_set_header           X-Forwarded-For $proxy_add_x_forwarded_for;
                    proxy_set_header           X-Forwarded-Proto $scheme;
            }
    }

3 启动 Nginx 并验证 {#heading-3}

启动 Nginx：

/opt/nginx/sbin/nginx

检查端口：

ss -an|grep 443
tcp    LISTEN     0      128       *:443                  *:*   

在浏览器通过 https 方式访问 Nginx 服务器,会跳转到 DataEase 的页面：

https://域名或IP