nginx参考配置

于 2024-04-02 14:29:43 发布
阅读量176 收藏
点赞数 1
CC 4.0 BY-SA版权
文章标签: nginx 运维
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.youkuaiyun.com/putMap/article/details/137268905
文章详细描述了如何在Nginx中配置SSL以支持HTTPS,包括SSL证书、协议版本、缓存、代理设置以及不同服务器名称的配置实例。

摘要生成于 C知道 ,由 DeepSeek-R1 满血版支持, 前往体验 >

nginx SSL参考配置

#user  nobody;
worker_processes  1;

#error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;

#pid        logs/nginx.pid;


events {
    worker_connections  1024;
}


http {

    include       mime.types;
    default_type  application/octet-stream;
    sendfile        on;
    keepalive_timeout  65;
    gzip on;
    gzip_min_length 1k;
    gzip_comp_level 9;
    gzip_types text/plain application/javascript application/x-javascript text/css application/xml text/javascript application/x-httpd-php image/jpeg image/gif image/png;
    gzip_vary on;
    gzip_disable "MSIE [1-6]\.";

    server {
        listen 83;
        listen 81 ssl ;
        server_name  test.cn;
	#https
        ssl_certificate  /usr/local/nginx/cert/test_cn.crt;
        ssl_certificate_key  /usr/local/nginx/cert/test_cn.pem;
		ssl_protocols TLSv1.2 TLSv1.3;
        ssl_session_cache    shared:SSL:1m;
        ssl_session_timeout  5m;
        ssl_ciphers  HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers  on;
	client_max_body_size 100m;
    include /usr/local/nginx/conf/proxy/*.conf;
		location ^~ /funeral-service {
			proxy_pass              http://136.34.80.213:9090/funeral-service;
			proxy_set_header        Host 136.34.80.213;
			proxy_set_header        X-Real-IP $remote_addr;
			proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
			proxy_buffer_size 1024k;
                        proxy_buffers 16 1024k;
                        proxy_busy_buffers_size 2048k;
                        proxy_temp_file_write_size 2048k;
		}

        location / {
            root   html;
            index  index.html index.htm;
			if (!-e $request_filename) {
				rewrite ^(.*)$ /index.html?s=$1 last;
				break;
			}
        }

        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }
    }

     server {
        listen 80;
        listen 443 ssl ;
        server_name  test.cn;
        ssl_certificate  /usr/local/nginx/cert/test_cn.crt;
        ssl_certificate_key  /usr/local/nginx/cert/test_cn.pem;
		ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_session_cache    shared:SSL:1m;
        ssl_session_timeout  5m;
        ssl_ciphers  HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers  on;
	    client_max_body_size 100m;
        include /usr/local/nginx/conf/proxy/*.conf;
		location ^~ /funeral-service {
			proxy_pass              http://136.34.80.213:9090/funeral-service;
			proxy_set_header        Host 136.34.80.213;
			proxy_set_header        X-Real-IP $remote_addr;
			proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
			proxy_buffer_size 2024k;
            proxy_buffers 16 1024k;
            proxy_busy_buffers_size 2048k;
            proxy_temp_file_write_size 2048k;
		}

        location / {
            root   html;
            index  index.html index.htm;
			if (!-e $request_filename) {
				rewrite ^(.*)$ /index.html?s=$1 last;
				break;
			}
        }

        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }
    }

    server {
	    listen 80;
	    listen 443 ssl ;
	    server_name big.test.cn;
	    ssl_certificate  /usr/local/nginx/cert/test_cn.crt;
	    ssl_certificate_key  /usr/local/nginx/cert/test_cn.pem;
		ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
	    ssl_session_cache    shared:SSL:1m;
            ssl_session_timeout  5m;
            ssl_ciphers  HIGH:!aNULL:!MD5;
            ssl_prefer_server_ciphers  on;
	    client_max_body_size 100m;
            include /usr/local/nginx/conf/proxy/*.conf;
		location ^~ /funeral-service {
			proxy_pass              http://136.34.80.213:9090/funeral-service;
			proxy_set_header        Host 136.34.80.213;
			proxy_set_header        X-Real-IP $remote_addr;
			proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
			proxy_buffer_size 1024k;
                        proxy_buffers 16 1024k;
			proxy_busy_buffers_size 2048k;
			proxy_temp_file_write_size 2048k;
		}

	    location / {
		root   /usr/local/nginx/big;
		index  index.html index.htm;
	    }
    }

     server {
        listen 84;
        listen 82 ssl ;
        server_name  test.cn;
	#https
        ssl_certificate  /usr/local/nginx/cert/test_cn.crt;
        ssl_certificate_key  /usr/local/nginx/cert/test_cn.pem;
		ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_session_cache    shared:SSL:1m;
        ssl_session_timeout  5m;
        ssl_ciphers  HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers  on;
	client_max_body_size 100m;
    include /usr/local/nginx/conf/proxy/*.conf;
		location ^~ /funeral-service {
			proxy_pass              http://136.34.80.213:9090/funeral-service;
			proxy_set_header        Host 136.34.80.213;
			proxy_set_header        X-Real-IP $remote_addr;
			proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
			proxy_buffer_size 1024k;
                        proxy_buffers 16 1024k;
                        proxy_busy_buffers_size 2048k;
                        proxy_temp_file_write_size 2048k;
		}

        location / {
            root   /usr/local/nginx/big;
            index  index.html index.htm;
			if (!-e $request_filename) {
				rewrite ^(.*)$ /index.html?s=$1 last;
				break;
			}
        }

        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }
    }


    # another virtual host using mix of IP-, name-, and port-based configuration
    #
    #server {
    #    listen       8000;
    #    listen       somename:8080;
    #    server_name  somename  alias  another.alias;

    #    location / {
    #        root   html;
    #        index  index.html index.htm;
    #    }
    #}


    # HTTPS server

#    server {
#        listen       443 ssl;
#        server_name  www.test.cn;
 #       ssl_certificate  /usr/local/nginx/cert/test_cn.crt;
 #       ssl_certificate_key  /usr/local/nginx/cert/test_cn.pem;
 #       ssl_session_cache    shared:SSL:1m;
  #      ssl_session_timeout  5m;
  #      ssl_ciphers  HIGH:!aNULL:!MD5;
  #      ssl_prefer_server_ciphers  on;
     #   ssl_session_cache    shared:SSL:1m;
     #   ssl_session_timeout  5m;
     #  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
     #  ssl_ciphers HIGH:!aNULL:!MD5;
     #  ssl_prefer_server_ciphers  on;

    #   location / {
     #       root   html;
     #       index  index.html index.htm;
   #     }
  # }

 }
和月明
关注
评论 1
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值