Nginx配置https以及配置说明

示例

worker_processes 1;

events {
  worker_connections 1024;
}

http {
  #均衡负载
  upstream demo{
    server localhost:55328;
    server localhost:55329;
  }

  include mime.types;
  default_type application/octet-stream;

  sendfile on;
  #保持连接时间
  keepalive_timeout 65;
  #允许请求最大数据量
  client_max_body_size 500m;
  map $http_upgrade $connection_upgrade {
    default upgrade;
  }
#访问80端口,重定向到https
  server {
    listen 80;
    server_name [server_name];
    rewrite ^(.*)$ https://${server_name}$1 permanent;
  }

  server {
    listen 443 ssl;
    server_name [server_name];
    
    #ssl_certificate ./ssl/[server_name].pem; # 指定证书的位置,Linux上可以设置相对路径,Windows上要设置绝对路径
    #ssl_certificate_key ./ssl/[server_name].key; # 同上 
    #ssl_trusted_certificate ./ssl/[server_name].cer;
   
    ssl_certificate         ./ssl/fullchain.cer; 
    ssl_certificate_key     ./ssl/[server_name].key;

    ssl_session_timeout 5m;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2; #按照这个协议配置
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;#按照这个套件配置
    ssl_prefer_server_ciphers on;

    proxy_set_header    Host                 $host;
    proxy_set_header    X-Real-IP             $remote_addr;
    proxy_set_header    X-Forwarded-For       $proxy_add_x_forwarded_for;
    proxy_set_header    X-Forwarded-Proto     $scheme;

    location / {
      proxy_connect_timeout 1;
      proxy_pass http://demo;
    }
    location /NotiHub {
      proxy_http_version 1.1;
      proxy_set_header Upgrade $http_upgrade;
      proxy_set_header Connection "upgrade";
      proxy_pass http://demo/NotiHub;
    }
    location /TaskLogHub {
      proxy_http_version 1.1;
      proxy_set_header Upgrade $http_upgrade;
      proxy_set_header Connection "upgrade";
      proxy_pass http://demo/TaskLogHub;
    }
    location = /50x.html {
      root html;
    }
    error_page 404 500 502 503 504 /50x.html;
  }
}

配置说明

#转发Tcp
stream {
    proxy_timeout 30m;
    server {
        listen 8080;
        proxy_pass localhost:55328;
    }
}
#使用 WebSocket 需要添加以下配置
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_http_version 1.1;
#使用 SSE 需要添加以下配置
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_http_version 1.1;

proxy_set_header Connection;
chunked_transfer_encoding off;
proxy_cache off;
posted @ 2019-12-30 16:30  一事冇诚  阅读(1178)  评论(0编辑  收藏  举报