關於https工程的簡單nginx的簡單配置
阿新 • • 發佈:2018-01-21
功能 nginx cti roc write 推薦 push span intercept
1.下載域名的ssl證書,由於項目部署在阿裏雲上,就用了阿裏推薦的賽門鐵克,用Let‘s Encrypt的也不錯。
2.nginx的配置如下:
worker_processes 8; error_log error.log; events { worker_connections 1024; } http{ server_tokens off; include mime.types; default_type application/octet-stream; log_format main ‘$remote_addr - $remote_user [$time_local] "$request" ‘ ‘$status $body_bytes_sent "$http_referer" ‘ ‘"$http_user_agent" "$http_x_forwarded_for"‘; access_log logs/access.log main; sendfile on; #tcp_nopush on; #keepalive_timeout 0; keepalive_timeout 65; #gzip on;
#工程1 upstream project1_http{ #工程1端口 server ip地址:8190; } upstream project2_http{ #工程2端口 server ip地址:8089; } server { listen 80; server_name website_http; charset utf-8; access_log logs/web.log;
//域名後子訪問名 location /project1/ { proxy_pass http://project1_http/; proxy_redirect off; proxy_intercept_errors on; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; client_max_body_size 100M; proxy_connect_timeout 300s; proxy_read_timeout 300s; proxy_send_timeout 300s; proxy_buffer_size 64k; proxy_buffers 4 32k; proxy_busy_buffers_size 64k; proxy_temp_file_write_size 64k; proxy_ignore_client_abort on; #proxy_redirect default; } location /project2/ { proxy_pass http://project2_http/; proxy_redirect off; proxy_intercept_errors on; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; client_max_body_size 100M; proxy_connect_timeout 300s; proxy_read_timeout 300s; proxy_send_timeout 300s; proxy_buffer_size 64k; proxy_buffers 4 32k; proxy_busy_buffers_size 64k; proxy_temp_file_write_size 64k; proxy_ignore_client_abort on; #proxy_redirect default; } }
#項目使用到了騰訊雲的對象存儲功能,用於存儲圖片、視頻 upstream cos-auth-server{ #鑒權443口 server ip地址:33575; } upstream project2_https{ #項目443口 server ip地址:8089; } server { listen 443; server_name website_https; ssl on; ssl_certificate cert/證書.pem; ssl_certificate_key cert/證書.key; ssl_session_timeout 5m; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers AESGCM:ALL:!DH:!EXPORT:!RC4:+HIGH:!MEDIUM:!LOW:!aNULL:!eNULL; ssl_prefer_server_ciphers on; location /cosauth/ { proxy_pass http://cos-auth-server/; proxy_redirect off; proxy_intercept_errors on; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; client_max_body_size 100M; proxy_connect_timeout 300s; proxy_read_timeout 300s; proxy_send_timeout 300s; proxy_buffer_size 64k; proxy_buffers 4 32k; proxy_busy_buffers_size 64k; proxy_temp_file_write_size 64k; proxy_ignore_client_abort on; #proxy_redirect default; } location /project2/ { proxy_pass http://project2_https/; proxy_redirect off; proxy_intercept_errors on; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; client_max_body_size 100M; proxy_connect_timeout 300s; proxy_read_timeout 300s; proxy_send_timeout 300s; proxy_buffer_size 64k; proxy_buffers 4 32k; proxy_busy_buffers_size 64k; proxy_temp_file_write_size 64k; proxy_ignore_client_abort on; #proxy_redirect default; } } }
關於https工程的簡單nginx的簡單配置