nginx 配置 记录

nginx.conf 

user root; # 执行nginx 用户
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;  # 识别文件类型， 防止被转化为文本类型  解决css 无法生效的问题
default_type application/octet-stream;
server {
listen 443; # https 默认端口
server_name www.gz-eye.cn; # 域名设置
ssl on;
ssl_certificate /etc/nginx/ssl/server.crt;  # HTTPS 证书
ssl_certificate_key /etc/nginx/ssl/server.key; # HTTPS 证书
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;#SSLv2 SSLv3 TLSv1;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE; #ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
ssl_prefer_server_ciphers on;

location / {
#root html;
#index testssl.html index.html index.htm;
proxy_pass http://127.0.0.1:8888;   # 内部端口请求
proxy_set_header X-Real-IP $remote_addr; # 设置访问IP
}
}
server {
listen 443;
server_name wap.gz-eye.cn;

ssl on;
ssl_certificate /etc/nginx/ssls/server.crt;
ssl_certificate_key /etc/nginx/ssls/server.key;

ssl_session_timeout 5m;

ssl_protocols TLSv1 TLSv1.1 TLSv1.2;#SSLv2 SSLv3 TLSv1;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE; #ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
ssl_prefer_server_ciphers on;

root /root/web/;

location ~.*\.(js|css)?$ {
proxy_set_header Content-Type 'text/css; charset=utf-8';
}
location ~ \.(jpg|png|jpeg|gif)$ {
expires 4h; # 缓存时间
}
}

include /etc/nginx/conf.d/*.conf;
}
~

conf.d/web.conf

server {
listen 80;
server_name wap.gz-eye.cn;
location /{
root /root/web/; # 访问服务器静态文件
}

}

conf.d/default.conf

server {
listen 80;
server_name gz-eye.cn;
#使用return的效率会更高
location /{
proxy_pass http://127.0.0.1:8888; # 内部端口请求
}
return 301 https://$server_name$request_uri; # http请求直接重定向到https
}