nginx 配置 记录
nginx.conf
user root; # 执行nginx 用户
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types; # 识别文件类型, 防止被转化为文本类型 解决css 无法生效的问题
default_type application/octet-stream;
server {
listen 443; # https 默认端口
server_name www.gz-eye.cn; # 域名设置
ssl on;
ssl_certificate /etc/nginx/ssl/server.crt; # HTTPS 证书
ssl_certificate_key /etc/nginx/ssl/server.key; # HTTPS 证书
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;#SSLv2 SSLv3 TLSv1;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE; #ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
ssl_prefer_server_ciphers on;
location / {
#root html;
#index testssl.html index.html index.htm;
proxy_pass http://127.0.0.1:8888; # 内部端口请求
proxy_set_header X-Real-IP $remote_addr; # 设置访问IP
}
}
server {
listen 443;
server_name wap.gz-eye.cn;
ssl on;
ssl_certificate /etc/nginx/ssls/server.crt;
ssl_certificate_key /etc/nginx/ssls/server.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;#SSLv2 SSLv3 TLSv1;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE; #ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
ssl_prefer_server_ciphers on;
root /root/web/;
location ~.*\.(js|css)?$ {
proxy_set_header Content-Type 'text/css; charset=utf-8';
}
location ~ \.(jpg|png|jpeg|gif)$ {
expires 4h; # 缓存时间
}
}
include /etc/nginx/conf.d/*.conf;
}
~
conf.d/web.conf
server {
listen 80;
server_name wap.gz-eye.cn;
location /{
root /root/web/; # 访问服务器静态文件
}
}
conf.d/default.conf
server {
listen 80;
server_name gz-eye.cn;
#使用return的效率会更高
location /{
proxy_pass http://127.0.0.1:8888; # 内部端口请求
}
return 301 https://$server_name$request_uri; # http请求直接重定向到https
}
posted on 2018-02-28 12:33 0o0o0o0o0o000 阅读(69) 评论(0) 编辑 收藏 举报