1. 程式人生 > >關於https工程的簡單nginx的簡單配置

關於https工程的簡單nginx的簡單配置

功能 nginx cti roc write 推薦 push span intercept

1.下載域名的ssl證書,由於項目部署在阿裏雲上,就用了阿裏推薦的賽門鐵克,用Let‘s Encrypt的也不錯。

2.nginx的配置如下:

worker_processes  8;

error_log  error.log;


events {
    worker_connections  1024;
}


http{
    server_tokens off;
    include       mime.types;
    default_type  application/octet-stream;

    log_format  main  ‘$remote_addr - $remote_user [$time_local] "$request" ‘
                      ‘$status $body_bytes_sent "$http_referer" ‘
                      ‘"$http_user_agent" "$http_x_forwarded_for"‘;

    access_log  logs/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    #keepalive_timeout  0;
    keepalive_timeout  65;

    #gzip  on;
    
  #工程1 upstream project1_http{ #工程1端口 server ip地址:8190; } upstream project2_http{ #工程2端口 server ip地址:8089; } server { listen 80; server_name website_http; charset utf-8; access_log logs/web.log;
     //域名後子訪問名 location /project1/ { proxy_pass http://project1_http/; proxy_redirect off; proxy_intercept_errors on; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; client_max_body_size 100M; proxy_connect_timeout 300s; proxy_read_timeout 300s; proxy_send_timeout 300s; proxy_buffer_size 64k; proxy_buffers 4 32k; proxy_busy_buffers_size 64k; proxy_temp_file_write_size 64k; proxy_ignore_client_abort on; #proxy_redirect default; } location /project2/ { proxy_pass http://project2_http/; proxy_redirect off; proxy_intercept_errors on; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; client_max_body_size 100M; proxy_connect_timeout 300s; proxy_read_timeout 300s; proxy_send_timeout 300s; proxy_buffer_size 64k; proxy_buffers 4 32k; proxy_busy_buffers_size 64k; proxy_temp_file_write_size 64k; proxy_ignore_client_abort on; #proxy_redirect default; } }
  #項目使用到了騰訊雲的對象存儲功能,用於存儲圖片、視頻 upstream cos-auth-server{ #鑒權443口 server ip地址:33575; } upstream project2_https{ #項目443口 server ip地址:8089; } server { listen 443; server_name website_https; ssl on; ssl_certificate cert/證書.pem; ssl_certificate_key cert/證書.key; ssl_session_timeout 5m; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers AESGCM:ALL:!DH:!EXPORT:!RC4:+HIGH:!MEDIUM:!LOW:!aNULL:!eNULL; ssl_prefer_server_ciphers on; location /cosauth/ { proxy_pass http://cos-auth-server/; proxy_redirect off; proxy_intercept_errors on; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; client_max_body_size 100M; proxy_connect_timeout 300s; proxy_read_timeout 300s; proxy_send_timeout 300s; proxy_buffer_size 64k; proxy_buffers 4 32k; proxy_busy_buffers_size 64k; proxy_temp_file_write_size 64k; proxy_ignore_client_abort on; #proxy_redirect default; } location /project2/ { proxy_pass http://project2_https/; proxy_redirect off; proxy_intercept_errors on; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; client_max_body_size 100M; proxy_connect_timeout 300s; proxy_read_timeout 300s; proxy_send_timeout 300s; proxy_buffer_size 64k; proxy_buffers 4 32k; proxy_busy_buffers_size 64k; proxy_temp_file_write_size 64k; proxy_ignore_client_abort on; #proxy_redirect default; } } }

關於https工程的簡單nginx的簡單配置