nginx转发配置例子
upstream testconsumer.suofeiyahome.com_443 {
server 127.0.0.1:44921;
}
upstream testconsumer.suofeiyahome.com_443_dist {
server 127.0.0.1:14103;
}
server {
listen 443 ssl;
server_name testconsumer.suofeiyahome.com;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
ssl_certificate cert/suofeiyahome.com.pem; #.pem、.crt文件
ssl_certificate_key cert/suofeiyahome.com.key; #.key文件
ssl_session_timeout 5m; #缓存时间
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; #加密算法
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; #支持协议
ssl_prefer_server_ciphers on; #优先使用服务器加密算法
location / {
# note, there is not SSL here!plain HTTP is used
proxy_pass http://testconsumer.suofeiyahome.com_443;
proxy_set_header Host $host; #保留代理之前的host
proxy_set_header X-Real-IP $remote_addr; #保留代理之前的真实客户端ip
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; #HTTP的请求端真实的IP,只在HTTP代理或者负载均衡时才会添加
proxy_set_header X-Forwarded-Proto https; #用于识别协议(HTTP 或 HTTPS),确定客户端和负载平衡器之间使用的协议
proxy_set_header HTTP_X_FORWARDED_FOR $remote_addr; #在多级代理的情况下,记录每次代理之前的客户端真实ip
proxy_redirect default; #指定修改被代理服务器返回的响应头中的location头域跟refresh头域数值
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Credentials' 'true' ;
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS,CONNECT';
add_header 'Access-Control-Allow-Headers' 'Authorization,Content-Type,Accept,Origin,User-Agent,DNT,Cache-Control,X-Mx-ReqToken,Keep-Alive,X-Requested-With,Pragma,Cache-Control,If-Modified-Since,userToken,appid,sign,t';
if ($request_method = 'OPTIONS') {
return 200;
}
}
location /dist/ {
# note, there is not SSL here!plain HTTP is used
proxy_pass http://testconsumer.suofeiyahome.com_443_dist;
proxy_set_header Host $host; #保留代理之前的host
proxy_set_header X-Real-IP $remote_addr; #保留代理之前的真实客户端ip
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; #HTTP的请求端真实的IP,只在HTTP代理或者负载均衡时才会添加
proxy_set_header X-Forwarded-Proto https; #用于识别协议(HTTP 或 HTTPS),确定客户端和负载平衡器之间使用的协议
proxy_set_header HTTP_X_FORWARDED_FOR $remote_addr; #在多级代理的情况下,记录每次代理之前的客户端真实ip
proxy_redirect default; #指定修改被代理服务器返回的响应头中的location头域跟refresh头域数值
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Credentials' 'true' ;
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS,CONNECT';
add_header 'Access-Control-Allow-Headers' 'Authorization,Content-Type,Accept,Origin,User-Agent,DNT,Cache-Control,X-Mx-ReqToken,Keep-Alive,X-Requested-With,Pragma,Cache-Control,If-Modified-Since,userToken,appid,sign,t';
if ($request_method = 'OPTIONS') {
return 200;
}
}
}
upstream mln.suofeiyahome.com_443 {
server 127.0.0.1:6769;
}
server {
listen 443 ssl;
server_name mln.suofeiyahome.com;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
ssl_certificate cert/suofeiyahome.com.pem; #.pem、.crt文件
ssl_certificate_key cert/suofeiyahome.com.key; #.key文件
ssl_session_timeout 5m; #缓存时间
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; #加密算法
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; #支持协议
ssl_prefer_server_ciphers on; #优先使用服务器加密算法
location / {
# note, there is not SSL here!plain HTTP is used
proxy_pass http://mln.suofeiyahome.com_443;
proxy_set_header Host $host; #保留代理之前的host
proxy_set_header X-Real-IP $remote_addr; #保留代理之前的真实客户端ip
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; #HTTP的请求端真实的IP,只在HTTP代理或者负载均衡时才会添加
proxy_set_header X-Forwarded-Proto https; #用于识别协议(HTTP 或 HTTPS),确定客户端和负载平衡器之间使用的协议
proxy_set_header HTTP_X_FORWARDED_FOR $remote_addr; #在多级代理的情况下,记录每次代理之前的客户端真实ip
proxy_redirect default; #指定修改被代理服务器返回的响应头中的location头域跟refresh头域数值
}
}
