HTTPS Configuration Guide
Standalone Version Supports HTTPS Access
1. Preparation
Layer-7 proxy (Nginx, LB, etc.)
Access domain name and certificate
2. Operation
Execute
cd /data/tencent/weda
to switch to the installation directory;Execute
vim config.yaml
to edit theconfig.yaml
file;Modify the
config.yaml
file as follows:
domainProtocol: https
domain: <Replace with your https access domain>
domainPort: 443
serverPort: 8080
Execute
./upgrade.sh
in the current directory to restart the service and apply the configurationConfigure proxy forwarding (Here we take Nginx as an example; for LB configuration, set up the certificate based on the actual situation and forward to
http://<VM IP>:8080
.)
nginx.conf
# Global Configuration
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /var/run/nginx.pid;
# Event Module Configuration
events {
worker_connections 1024;
}
# HTTP Module Configuration
http {
# MIME Type Mapping
include /etc/nginx/mime.types;
default_type application/octet-stream;
# Log Format
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
# Access Log
access_log /var/log/nginx/access.log main;
# Gzip Compression
gzip on;
gzip_comp_level 5;
gzip_min_length 256;
gzip_proxied any;
# The body size must be set, otherwise publishing the application will report an error.
client_max_body_size 500m;
client_body_buffer_size 10m;
gzip_types application/javascript application/json application/xml
application/xhtml+xml text/css text/plain text/xml;
server {
listen 443 ssl;
server_name <replace with your access domain>; # <- Change this to match server_name above
# SSL Certificate and Private Key
ssl_certificate /etc/nginx/certs/server.crt; # <- Change this to your .crt file name
ssl_certificate_key /etc/nginx/certs/server.key; # <- Change this to your .key file name
# Root Path Proxy
location / {
proxy_pass http://<replace with VM IP address>:8080; # <== weda service ip
proxy_set_header X-Forwarded-Proto $scheme; # Key: Pass the original protocol
proxy_set_header Host $http_host;
}
}
}
Certificate storage path
/etc/nginx
├── certs
│ ├── server.cert
│ └── server.key
└── nginx.conf
- After the rules are configured and domain name resolution is set up, you can access using
https://<access domain>/dev/