nginx配置https

最新推荐文章于 2025-05-07 09:38:37 发布

原创最新推荐文章于 2025-05-07 09:38:37 发布 · 188 阅读

0 ·

CC 4.0 BY-SA版权

JAVA 专栏收录该内容

86 篇文章

订阅专栏

本文详细介绍了Nginx服务器的HTTPS配置过程，包括SSL证书的加载、HTTPS监听端口设置、HTTP到HTTPS的永久重定向，以及如何为不同域名配置独立的HTTPS服务。同时，还深入探讨了Nginx的代理传递、头部信息设置和Cookie管理等高级特性。

摘要生成于 C知道，由 DeepSeek-R1 满血版支持，前往体验 >

#user nobody;
worker_processes 1;

#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;

#pid logs/nginx.pid;

events {
worker_connections 1024;
}

http {
   server_names_hash_bucket_size 64;
    include       mime.types;
    default_type application/octet-stream;

    #log_format main '$remote_addr - $remote_user [$time_local] "$request" '
    #                  '$status $body_bytes_sent "$http_referer" '
    #                  '"$http_user_agent" "$http_x_forwarded_for"';

#access_log logs/access.log main;

sendfile on;
#tcp_nopush on;

#keepalive_timeout 0;
keepalive_timeout 65;

    #gzip on;

   #shop static
        server {
       listen       80;
       server_name static.xxx.com;
           rewrite ^(.*) https://$server_name$1 permanent;
        }



   #shop web
        server {
       listen       80;
       server_name www.xxx.com;
           rewrite ^(.*) https://$server_name$1 permanent;
        }


        #shop static https
       server {
            listen 443;
            server_name static.xxx.com;
            ssl on;
            root html;
            index index.html index.htm;
            ssl_certificate   E:/SSL/xxx.com.crt;
            ssl_certificate_key E:/SSL/xxx.com.key;
            ssl_session_timeout 5m;
            ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
            ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
            ssl_prefer_server_ciphers on;
               location / {
                   root     E:/workspace/shop/trunk/shop-static/src/main/webapp/;
                 index index.html index.htm;
                   autoindex on;
                   autoindex_exact_size on;
                   autoindex_localtime on;
           }
       }



   #shopweb https
       server {
            listen 443;
            server_name www.xxx.com;
            ssl on;
            root html;
            index index.html index.htm;
            ssl_certificate   E:/SSL/xxx.com.crt;
            ssl_certificate_key E:/SSL/xxx.com.key;
            ssl_session_timeout 5m;
            ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
            ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
            ssl_prefer_server_ciphers on;
           location / {
                   proxy_pass http://127.0.0.1:8081;
                   proxy_set_header        Host            $host;
                   proxy_set_header        X-Real-IP       $remote_addr;
                   proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
                   client_max_body_size 100m;

                   set $from $arg_from;
                   if ($from ~* ^(\w+$) ){
                       add_header Set-Cookie 'from=$from;domain=www.xxx.com;path=/;';
                   }
           }
       }

}