nginx配置及HTTPS配置示例
一、nginx简单配置示例
user www www; worker_processes 10; #error_log logs/error.log; #error_log logs/error.log notice; #error_log logs/error.log info; #pid logs/nginx.pid; #最大文件描述符 worker_rlimit_nofile 51200; events { use epoll; worker_connections 51200; } http { include conf/mime.types; default_type application/octet-stream; keepalive_timeout 120; tcp_nodelay on; upstream www.xxx.com { server 192.168.1.2:80; server 192.168.1.3:80; server 192.168.1.4:80; server 192.168.1.5:80; } upstream blog.xxx.com { server 192.168.1.7:8080; server 192.168.1.7:8081; server 192.168.1.7:8082; } server { listen 80; server_name www.xxx.com; location / { proxy_pass http://www.zyan.cc; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504 http_404; } log_format www_xxx_com '$remote_addr - $remote_user [$time_local] $request ' '"$status" $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; access_log /data1/logs/www.log www_xxx_com; } server { listen 80; server_name blog.xxx.com; location / { proxy_pass http://blog.zyan.cc; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504 http_404; } log_format blog_xxx_com '$remote_addr - $remote_user [$time_local] $request ' '"$status" $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; access_log /data1/logs/blog.log blog_xxx_com; } }
二、HTTPS配置示例
upstream xxx_xxx_xxx { server 192.168.1.7:8080; server 192.168.1.7:8081; server 192.168.1.7:8082; } server { listen 443; server_name xxx.xxx.xxx; access_log /home/chenwebstore1/logs/xxx.xxx.xxx/https.29289080/access.log combined; error_log /home/chenwebstore1/logs/xxx.xxx.xxx/https.29289080/error.log error; ssl on; ssl_certificate keys/xxx.xxx.xxx.pem; ssl_certificate_key keys/xxx.xxx.xxx.key; ssl_session_cache shared:ssl.xxx.xxx.xxx:128k; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; location / { proxy_pass http://xxx_xxx_xxx; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504 http_404; } }
其中ssl_certificate_key文件格式为:
-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----
其中ssl_certificate文件格式(后缀可以为cer)为:
(Certificate:)
----BEGIN CERTIFICATE-----
----END CERTIFICATE-----
(Intermediate Certificate:)
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
上面这三段字符串值可以在HTTPS证书申请时获取到。