堕落不振功业废,勤耕不辍日月新

nginx代理http和https

综合 hailen 14℃

nginx.conf配置:

user  www;
worker_processes  auto;
error_log logs/error.log  notice;
pid        logs/nginx.pid;

worker_rlimit_nofile 65535;
events {
    use epoll;
    worker_connections  65535;
}


http {
    include       mime.types;
    default_type  application/octet-stream;
    log_format  main  'remote_addr:$remote_addr remote_user:$remote_user time_local:[$time_local] request:$request '
                      'status:$status body_bytes_sent:$body_bytes_sent http_referer:$http_referer '
                      'http_user_agent:$http_user_agent upstream_addr:$upstream_addr server_name:$server_name '
                      'http_x_forwarded_for:$http_x_forwarded_for request_time:$request_time';

    access_log  logs/access.log  main;

    sendfile        on;
    tcp_nopush     on;
    tcp_nodelay on;
    server_tokens off;
    server_names_hash_bucket_size 128;
    keepalive_timeout  600;
    types_hash_max_size 2048;
    gzip  on;
    gzip_min_length 1k;
    gzip_buffers 4 16k;
    gzip_comp_level 2;
    gzip_types text/css text/xml application/javascript  text/plain application/json applicatio
n/rss+xml application/x-javascript text/javascript application/xml;
    gzip_vary on;
    gzip_disable "MSIE [1-6].";

    proxy_connect_timeout 3000;
    proxy_send_timeout 3000;
    proxy_read_timeout 3000;
    proxy_buffer_size 1024k;
    proxy_buffers 32 1024k;
    proxy_busy_buffers_size 1024k;
    proxy_temp_file_write_size 1024k;


    upstream  F5_preCouponPay {
                server 192.168.52.11:8002 max_fails=3 weight=1 fail_timeout=3s;
    } 

    upstream  F5_couponPay {
                server 192.168.52.11:8081 max_fails=3 weight=1 fail_timeout=3s;
    } 


# http #########################################
   server {
        listen  80 default_server;
        server_name _;

        location / {
                deny all;
        }

        location /nginx-status {
                stub_status on;
                allow 127.0.0.1;
                deny all;
        }
    }

   server {
        listen       80;
        server_name  192.168.52.11;

        location / {
                deny all;
        }

    location /pre-coupon-pay {
        rewrite ^(.*) https://$server_name$1 permanent;
    }

    location /couponPay { 
            rewrite ^(.*) https://$server_name$1 permanent;
    }
  }


# https #########################################


   server {
        listen 443 ssl default_server;
        server_name _;
        ssl_certificate  /usr/local/nginx/conf/ssl/_.card.com.crt;
        ssl_certificate_key /usr/local/nginx/conf/ssl/_.card.com.key;
        ssl_session_timeout  5m;
        ssl_protocols  TLSv1.1 TLSv1.2 TLSv1.3;
        ssl_ciphers  RSA:!EXP:!NULL:+HIGH:-DES:-3DES:-MEDIUM:-LOW;
        ssl_prefer_server_ciphers   on;

        location / { 
                deny all;
        }
    }


   server {
        listen        443 ssl;
        server_name  192.168.52.11;
        ssl_certificate      /usr/local/nginx/conf/ssl/_.card.com.crt;
        ssl_certificate_key  /usr/local/nginx/conf/ssl/_.card.com.key;
        ssl_session_timeout  5m;
        ssl_protocols  TLSv1.1 TLSv1.2 TLSv1.3;
        ssl_ciphers  RSA:!EXP:!NULL:+HIGH:-DES:-3DES:-MEDIUM:-LOW;
        ssl_prefer_server_ciphers   on;

        location / {
            deny all;
        }

        location /pre-coupon-pay {
            proxy_pass http://F5_preCouponPay/pre-coupon-pay;
            proxy_redirect off;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header Host $http_host;
        }

        location /couponPay { 
            proxy_pass http://F5_couponPay/couponPay;
            proxy_redirect off;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header Host $http_host;
        }
   }
}

转载请注明:我是IT » nginx代理http和https

喜欢 (0)or分享 (0)