nginx配置及HTTPS配置示例

一、nginx简单配置示例

user  www www;

worker_processes 10;

#error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;

#pid        logs/nginx.pid;

#最大文件描述符
worker_rlimit_nofile 51200;

events 
{
      use epoll;
      worker_connections 51200;
}

http 
{
      include       conf/mime.types;
      default_type  application/octet-stream;

      keepalive_timeout 120;

      tcp_nodelay on;

      upstream  www.xxx.com  {
              server   192.168.1.2:80;
              server   192.168.1.3:80;
              server   192.168.1.4:80;
              server   192.168.1.5:80;
      }

      upstream  blog.xxx.com  {
              server   192.168.1.7:8080;
              server   192.168.1.7:8081;
              server   192.168.1.7:8082;
      }

      server
      {
              listen  80;
              server_name  www.xxx.com;

              location / {
                       proxy_pass        http://www.zyan.cc;
                       proxy_set_header   Host             $host;
                       proxy_set_header   X-Real-IP        $remote_addr;
                       proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;
                       proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504 http_404;
              }

              log_format  www_xxx_com  '$remote_addr - $remote_user [$time_local] $request '
                                '"$status" $body_bytes_sent "$http_referer" '
                                '"$http_user_agent" "$http_x_forwarded_for"';
              access_log  /data1/logs/www.log  www_xxx_com;
      }

      server
      {
              listen  80;
              server_name  blog.xxx.com;

              location / {
                       proxy_pass        http://blog.zyan.cc;
                       proxy_set_header   Host             $host;
                       proxy_set_header   X-Real-IP        $remote_addr;
                       proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;
                       proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504 http_404;
              }

              log_format  blog_xxx_com  '$remote_addr - $remote_user [$time_local] $request '
                                '"$status" $body_bytes_sent "$http_referer" '
                                '"$http_user_agent" "$http_x_forwarded_for"';
              access_log  /data1/logs/blog.log  blog_xxx_com;
      }
}

二、HTTPS配置示例

upstream  xxx_xxx_xxx  {
    server   192.168.1.7:8080;
    server   192.168.1.7:8081;
    server   192.168.1.7:8082;
}
server {
    listen 443;

    server_name xxx.xxx.xxx;

    access_log /home/chenwebstore1/logs/xxx.xxx.xxx/https.29289080/access.log combined;
    error_log /home/chenwebstore1/logs/xxx.xxx.xxx/https.29289080/error.log error;

    ssl on;
    ssl_certificate keys/xxx.xxx.xxx.pem;
    ssl_certificate_key keys/xxx.xxx.xxx.key;
    ssl_session_cache shared:ssl.xxx.xxx.xxx:128k;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;


    location / {
        proxy_pass        http://xxx_xxx_xxx;
        proxy_set_header   Host             $host;
        proxy_set_header   X-Real-IP        $remote_addr;
        proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;
        proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504 http_404;
    }
}

其中ssl_certificate_key文件格式为:

-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----

其中ssl_certificate文件格式(后缀可以为cer)为:

(Certificate:)
----BEGIN CERTIFICATE-----
----END CERTIFICATE-----
(Intermediate Certificate:)
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----

上面这三段字符串值可以在HTTPS证书申请时获取到。

posted @ 2015-05-20 11:25  观海云不远  阅读(689)  评论(0编辑  收藏  举报