记录一个nginx的proxy_pass

server {
	listen 80;
	server_name www.hw801.com;
	server_name_in_redirect off;
	access_log  /home/logs/nginx/www.hw801.com/access_log main;
        error_log  /home/logs/nginx/www.hw801.com/error_log;
	log_not_found on;

	location / {
		proxy_read_timeout      300;
		proxy_connect_timeout   300;
		proxy_redirect          off;
		proxy_http_version 1.1;
		proxy_pass				http://10.10.10.12;
		proxy_set_header    Host                $host;
		proxy_set_header    X-Real-IP           $remote_addr;
		proxy_set_header    X-Forwarded-Ssl     on;
		proxy_set_header    X-Forwarded-For     $proxy_add_x_forwarded_for;
	}
}

server {
	listen 443 ssl;
        server_name www.hw801.com;
	server_name_in_redirect off;
	#ssl			on;
	ssl_certificate		certs/hw801.com.crt;
	ssl_certificate_key	certs/hw801.com.key;
	ssl_protocols		TLSv1 TLSv1.1 TLSv1.2;
	ssl_ciphers		"ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RS
A-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DE
S-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
	#ssl_prefer_server_ciphers	on;
	ssl_session_cache		shared:SSL:10m;
	ssl_session_timeout		10m;
        access_log  /home/logs/nginx/www.hw801.com/access443_log main;
        error_log  /home/logs/nginx/www.hw801.com/error443_log;
	log_not_found on;
	location / {
		proxy_read_timeout      300;
		proxy_connect_timeout   300;
		proxy_redirect          off;
		proxy_http_version 1.1;
		proxy_pass				http://10.10.10.12;
		proxy_set_header    Host                $host;
		proxy_set_header    X-Real-IP           $remote_addr;
		proxy_set_header    X-Forwarded-Ssl     on;
		proxy_set_header    X-Forwarded-For     $proxy_add_x_forwarded_for;
		proxy_set_header    X-Forwarded-Proto   https;
		proxy_set_header    X-Forwarded-Port    443;
	}
}     

可增加80强制443

	if ($scheme != https) {
		rewrite ^(.+)$ https://$host$1 permanent;
	}