nginx 反向代理 配置 https 实现http https同时存在 经测试 支持location 规则

 

server {
        listen 443 ssl;  ＃监听443端口
        server_name www.app01.com;
        ssl on;                ＃启用ssl加密
        ssl_certificate /etc/cert/xip.io.crt;                 ＃服务器证书crt文件
        ssl_certificate_key /etc/cert/xip.io.key;       ＃服务器私钥key文件
        ssl_session_cache shared:SSL:1m;
        ssl_session_timeout 5m;
        ssl_ciphers HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers on;
        location / {
                proxy_pass http://192.168.1.109:8010/;
         }
 }
server {

        listen 443 ssl;
        server_name www.app02.com;
        ssl on;
        ssl_certificate /etc/cert/xip.io.crt;
        ssl_certificate_key /etc/cert/xip.io.key;
        ssl_session_cache shared:SSL:1m;
        ssl_session_timeout 5m;
        ssl_ciphers HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers on;
        location / {
                proxy_pass http://192.168.1.116:8020/;
         }

 后端app宕机会被踢掉，恢复自动加入：

upstream app_pools {
        session_sticky;
        server 192.168.1.109:8010 weight=1;
        server 192.168.1.116:8020 weight=1;
        check interval=3000 rise=2 fall=4 timeout=2000;
 }
server {
        listen 443 ssl;
        server_name www.app01.com;
        ssl on;
        ssl_certificate /etc/cert/xip.io.crt;
        ssl_certificate_key /etc/cert/xip.io.key;
        ssl_session_cache shared:SSL:1m;
        ssl_session_timeout 5m;
        ssl_ciphers HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers on;
        location / {
                proxy_pass http://app_pools;
                proxy_set_header Host            $host;
                proxy_set_header X-Real-IP       $remote_addr;
                #proxy_set_header X-Forwarded-For $proxy_add_x_forworded_for;

         }
 }

 配置间容http https两种：

server {
        listen 80;
        listen 443;
        server_name www.app01.com;
        ssl on;
        ssl_certificate /etc/cert/xip.io.crt;
        ssl_certificate_key /etc/cert/xip.io.key;
        ssl_session_cache shared:SSL:1m;
        ssl_session_timeout 5m;
        ssl_ciphers HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers on;
        location / {
                proxy_pass http://10.100.0.195:8010/;
         }
 }

 如果在主配置文件中监听的端口不是80,再虚机的时候配置文件是如下：注释掉ssl on; 在listen 443 后面加上ssl;

[root@ha01 conf]# cat hosts.conf
upstream app01_pools { 
    session_sticky;
    server 10.100.0.195:8010 weight=1;
    #server 192.168.1.116:8020 weight=1;
    check interval=3000 rise=2 fall=4 timeout=2000;
 }
upstream app02_pools { 
    session_sticky;
    server 10.100.0.192:8020 weight=1;
    check interval=3000 rise=2 fall=4 timeout=2000;
 }
server { 
    listen 80;
    listen 443 ssl;
    server_name www.app01.com apps01.com;
    #ssl on;
    ssl_certificate /etc/cert/xip.io.crt;
    ssl_certificate_key /etc/cert/xip.io.key;
    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout 5m;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;
    location / { 
        proxy_pass http://app01_pools;
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP      $remote_addr;
        #proxy_set_header X-Forwarded-For $proxy_add_x_forworded_for;

     }
 }
server { 
    listen 80;
    listen 443 ssl;
    server_name www.app02.com app02.com;
    #ssl on;
    ssl_certificate /etc/cert/xip.io.crt;
    ssl_certificate_key /etc/cert/xip.io.key;
    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout 5m;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;
    location / { 
        proxy_pass http://app02_pools;
        proxy_set_header Host         $host;
        proxy_set_header X-Real-IP    $remote_addr;
     }    
 }
[root@ha01 co

 nginx 配置https　经测试　支持location 规则

 还有一点就是nginx只要一个vhost开了80端口，也就是服务器开了80端口，当配另一台https时即不配上80端口，同会有80端口，因为服务器，已经开来不80.