#user nobody;
worker_processes 4;
#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
#pid logs/nginx.pid;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
server_tokens off;
fastcgi_intercept_errors on;
error_page 502 = /index.html;
log_format main '$remote_addr $cookie_logCookie $cookie_loginId [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for" '
'$request_time $upstream_response_time';
access_log logs/access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
gzip on;
gzip_min_length 1K;
gzip_buffers 4 16k;
gzip_http_version 1.1;
gzip_comp_level 2;
gzip_types text/plain application/x-javascript text/css application/xml;
gzip_vary on;
proxy_set_header X-Nginx-Scheme $scheme;
client_max_body_size 300m;
proxy_headers_hash_bucket_size 1024;
proxy_headers_hash_max_size 512;
server
{
listen 80;
server_name s.test.com;
rewrite ^(.*)$ https://s.test.com permanent;
# charset utf-8,gbk;
# location /
# {
# index index.html index.htm index.jsp;
# proxy_pass http://;
# proxy_redirect off;
# }
}
server
{
listen 80;
server_name en.test.com;
rewrite ^(.*)$ https://en.test.com permanent;
# charset utf-8,gbk;
# location /
# {
# index index.html index.htm index.jsp;
# proxy_pass http://;
# proxy_redirect off;
# }
}
server
{
listen 80;
server_name mall.test.com;
rewrite ^(.*)$ https://mall.test.com$1 permanent;
# charset utf-8,gbk;
# location /
# {
# index index.html index.htm index.jsp;
# proxy_pass http://;
# proxy_redirect off;
# }
}
server
{
listen 80;
server_name cn.test.com;
rewrite ^(.*)$ https://mall.test.com permanent;
# charset utf-8,gbk;
# location /
# {
# index index.html index.htm index.jsp;
# proxy_pass http://;
# proxy_redirect off;
# }
}
server
{
listen 80;
server_name m.test.com;
rewrite ^(.*)$ https://mall.test.com permanent;
# charset utf-8,gbk;
# location /
# {
# index index.html index.htm index.jsp;
# proxy_pass http://;
# proxy_redirect off;
# }
}
server
{
listen 80;
server_name piwik.test.com;
rewrite ^(.*)$ https://piwik.test.com permanent;
# charset utf-8,gbk;
# location /
# {
# index index.html index.htm index.jsp;
# proxy_pass http://;
# proxy_redirect off;
# }
}
server
{
listen 80;
server_name ~^.*\.test\.com$ www.test.com;
rewrite ^(.*)$ https://www.test.com$1 permanent;
# charset utf-8,gbk;
# location /
# {
# index index.html index.htm index.jsp;
# proxy_pass http://;
# proxy_redirect off;
# }
}
server
{
listen 443 ssl;
server_name s.test.com;
ssl on;
ssl_certificate /usr/local/nginx/conf/testcomClass2.crt;
ssl_certificate_key /usr/local/nginx/conf/testcomClass2.key;
ssl_session_timeout 5m;
ssl_protocols SSLv2 SSLv3 TLSv1;
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
ssl_prefer_server_ciphers on;
charset utf-8,gbk;
location ^~ /upgrade/
{
index index.html index.htm index.jsp;
proxy_pass http://10.1.211.87:8089/;
proxy_redirect off;
}
location /
{
index index.html index.htm index.jsp;
if ($request_uri ~* \.(css|js|gif|png|jpg|jpeg))
{
add_header Cache-Control "max-age=2592000";
}
proxy_pass http://10.1.210.10:7002;
# proxy_set_header Host $host;
# proxy_set_header X-Real-IP $remote_addr;
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
server
{
listen 443 ssl;
server_name en.test.com;
ssl on;
ssl_certificate /usr/local/nginx/conf/testcomClass2.crt;
ssl_certificate_key /usr/local/nginx/conf/testcomClass2.key;
ssl_session_timeout 5m;
ssl_protocols SSLv2 SSLv3 TLSv1;
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
ssl_prefer_server_ciphers on;
charset utf-8,gbk;
location /
{
index index.html index.htm index.jsp;
if ($request_uri ~* \.(css|js|gif|png|jpg|jpeg))
{
add_header Cache-Control "max-age=2592000";
}
proxy_pass http://en.test.com;
# proxy_set_header Host $host;
# proxy_set_header X-Real-IP $remote_addr;
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
server
{
listen 443 ssl;
server_name mall.test.com;
ssl on;
ssl_certificate /usr/local/nginx/conf/testcomClass2.crt;
ssl_certificate_key /usr/local/nginx/conf/testcomClass2.key;
ssl_session_timeout 5m;
ssl_protocols SSLv2 SSLv3 TLSv1;
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
ssl_prefer_server_ciphers on;
charset utf-8,gbk;
location /
{
index index.html index.htm index.jsp;
if ($request_uri ~* \.(css|js|gif|png|jpg|jpeg))
{
add_header Cache-Control "max-age=2592000";
}
proxy_pass http://mall.test.com;
# proxy_set_header Host $host;
# proxy_set_header X-Real-IP $remote_addr;
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
server
{
listen 443 ssl;
server_name cn.test.com;
rewrite ^(.*)$ https://mall.test.com permanent;
}
server
{
listen 443 ssl;
server_name m.test.com;
rewrite ^(.*)$ https://mall.test.com permanent;
}
server
{
listen 443 ssl;
server_name piwik.test.com;
ssl on;
ssl_certificate /usr/local/nginx/conf/testcomClass2.crt;
ssl_certificate_key /usr/local/nginx/conf/testcomClass2.key;
ssl_session_timeout 5m;
ssl_protocols SSLv2 SSLv3 TLSv1;
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
ssl_prefer_server_ciphers on;
charset utf-8,gbk;
location /
{
index index.html index.htm index.jsp;
if ($request_uri ~* \.(css|js|gif|png|jpg|jpeg))
{
add_header Cache-Control "max-age=2592000";
}
proxy_pass http://piwik.test.com;
}
}
server
{
listen 443 ssl;
server_name ~^.*\.test\.com$ www.test.com;
ssl on;
ssl_certificate /usr/local/nginx/conf/testcomClass2.crt;
ssl_certificate_key /usr/local/nginx/conf/testcomClass2.key;
ssl_session_timeout 5m;
ssl_protocols SSLv2 SSLv3 TLSv1;
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
ssl_prefer_server_ciphers on;
charset utf-8,gbk;
location /
{
index index.html index.htm index.jsp;
if ($request_uri ~* \.(css|js|gif|png|jpg|jpeg))
{
add_header Cache-Control "max-age=2592000";
}
if ( $http_user_agent ~* "Mobile" ){
proxy_pass http://10.1.210.10:7002;
}
proxy_pass http://www.test.com;
}
}
}
- 浏览: 164185 次
- 性别:
- 来自: 深圳
最新评论
-
mythet:
上面的配置有问题,测试半天都访问不了,原因是web.xml缺少 ...
lucene solr配置,集成到struts中 -
graduate2011:
楼主你好,想问一下你编译tomcat源码是不是用ant?编译好 ...
tomcat WebappClassLoader 加密class文件
相关推荐
nginx配置https ssl 安全协议nginx配置https ssl 安全协议
linux安装nginx并支持ssl,使得服务器支持证书签名,提升应用的安全性
Windows下Nginx配置SSL实现Https访问(包含证书生成)
nginx配置+https
Vue项目结果build编译后,放在Nginx的html文件夹内,替换该配置文件,就可以在Nginx服务器上运行Vue项目
weblogic集群安装及nginx https反向代理及负载均衡配置
linux下nginx配置ssl,配置内网ip访问,配置内网域名访问。配置相同网站http重定向到https
主要介绍了Nginx配置SSL自签名证书的方法,小编觉得挺不错的,现在分享给大家,也给大家做个参考。一起跟随小编过来看看吧
nginx配置https反向代理到tomcat的http,包括windows版本和linux版本的软件下载,安装,配置等
网络上很难找到非常详细的关于nginx配置https的全流程,大多都是一小段,要么缺A要么缺B。 本文档通过真实的实践经验,从安装OpenSSL和Nginx,到利用openssl生成证书,配置nginx的https(包括配置http请求转发到...
申请免费的SSL证书,用docker容器搭建Nginx服务端,详细的Nginx配置ssl证书的方法。
可以下载放到指定目录直接用
NULL 博文链接:https://hlee.iteye.com/blog/569381
nginx配置示例SSL
IIS 7.5 以下版本不支持多域名共用443端口 SSL 服务,采用nginx 单独处理来自443端口的请求,从而实现多域名 SSL 附件包含,图文设置nginx, nginx免安装包,可直接使用,已支持SNI(Server Name Indication)
完整的 thinkphp nginx php fpm ssl 配置
Nginx配置SSL,Nginx使用SSL模块配置https支持
Nginx双向SSL认证配置详细步骤
nginx.conf的配置访问ssl证书
第一步:签署第三方可信任的 SSL 证书 证书可以直接在阿里云里面申请免费的ssl证书 登录阿里云账号,在上方搜索栏内搜索ssl,点击ssl证书(应用安全) 来到这个页面后点击购买证书 如图选择免费版ssl证书,...