nginx ssl配置 負載均衡策略
阿新 • • 發佈:2020-08-27
#效能配置 一般配置cpu的核數
worker_processes 64;
error_log logs/error.log;
error_log logs/error.log notice;
error_log logs/error.log info;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
#負載均衡策略
upstream testTomcat{
#server 192.168.0.177:5148 weight=2 ;
server 192.168.0.111:8080 weight=1;
#server 192.168.0.173:8080 weight=1;
#ip_hash;
}
server {
#監聽5148埠,你的可能是80或者8080
listen 5148;
#如果有防火牆要對映內網ip到一個外網ip,這裡寫外網即統一訪問的那個ip
server_name 192.168.0.172;
location / {
root html;
index index.html index.htm;
proxy_set_header Host $host;
#使用分配規則,即上面自定義新增的負載均衡策略upstream節點
proxy_pass http://testTomcat/;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
server {
listen 8080 ;
server_name 192.168.0.111;
location / {
root html;
index index.html index.htm;
}
return 301 https://$host$request_uri;
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
#設定虛擬主機配置
server {
#偵聽443埠,這個是ssl訪問埠
listen 443 ssl;
#定義使用 訪問域名
server_name 192.168.0.111;
#定義伺服器的預設網站根目錄位置
root /usr/share/nginx/html;
ssl_certificate /opt/my_key_store.crt;#證書檔案
ssl_certificate_key /opt/my_store.key;#證書檔案
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
ssl_prefer_server_ciphers on;
location ^~ /oms/ {
proxy_redirect http:// https://;#這行解決伺服器內部 http沒跳轉到https的問題
proxy_set_header Host $host;
proxy_set_header Host $host:$server_port;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://192.168.0.111:7001/oms/;
}
#我的驗證碼,如果沒有可以去掉,這行不配置好像也沒影響servlet驗證碼的使用,如果有問題可以新增這些配置
location ^~ /oms/servlet/ValidCode {
proxy_redirect http:// https://;
proxy_set_header Host $host;
proxy_set_header Host $host:$server_port;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://192.168.0.111:7001/oms/servlet/ValidCode;
}
#預設請求
location / {
root html;
#定義首頁索引檔案的名稱
index index.html index.htm;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
#靜態檔案,nginx自己處理
location ~ ^/(images|javascript|js|css|flash|media|static)/ {
#過期30天,靜態檔案不怎麼更新,過期可以設大一點,
#如果頻繁更新,則可以設定得小一點。
expires 30d;
}
}
}