公司要求升级http为https,这个容易。
ws升级为wss坑了。留一份,不然下次查资料心力交瘁。
7台服务统一按这个格式配就行了,我不知道为啥这样配就行了,之前怎么都不对~~
server {
# listen 80; #如果需要同时支持http和https
listen 443 ssl http2;
listen [::]:443 ssl http2;
ssl_certificate /etc/nginx/key/STAR.xxx.crt;
ssl_certificate_key /etc/nginx/key/STAR.xxx.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 10m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
server_name {域名1};
location / {
proxy_pass http://{ip1}:{port1};
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}
#=================================================================================
server {
# listen 80; #如果需要同时支持http和https
listen 443 ssl http2;
listen [::]:443 ssl http2;
ssl_certificate /etc/nginx/key/STAR.xxx.crt;
ssl_certificate_key /etc/nginx/key/STAR.xxx.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 10m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
server_name {域名2};
location / {
proxy_pass http://{ip2}:{port2};
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}
#=================================================================================
server {
# listen 80; #如果需要同时支持http和https
listen 443 ssl http2;
listen [::]:443 ssl http2;
ssl_certificate /etc/nginx/key/STAR.xxx.crt;
ssl_certificate_key /etc/nginx/key/STAR.xxx.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 10m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
server_name {域名3};
location / {
proxy_pass http://{ip3}:{port3};
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}
#=================================================================================
server {
# listen 80; #如果需要同时支持http和https
listen 443 ssl http2;
listen [::]:443 ssl http2;
ssl_certificate /etc/nginx/key/STAR.xxx.crt;
ssl_certificate_key /etc/nginx/key/STAR.xxx.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 10m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
server_name {域名4};
location / {
proxy_pass http://{ip4}:{port4};
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}
#=================================================================================
server {
# listen 80; #如果需要同时支持http和https
listen 443 ssl http2;
listen [::]:443 ssl http2;
ssl_certificate /etc/nginx/key/STAR.xxx.crt;
ssl_certificate_key /etc/nginx/key/STAR.xxx.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 10m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
server_name {域名5};
location / {
proxy_pass http://{ip5}:{port5};
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}
#=================================================================================
server {
# listen 80; #如果需要同时支持http和https
listen 443 ssl http2;
listen [::]:443 ssl http2;
ssl_certificate /etc/nginx/key/STAR.xxx.crt;
ssl_certificate_key /etc/nginx/key/STAR.xxx.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 10m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
server_name {域名6};
location / {
proxy_pass http://{ip6}:{port6};
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}
#=================================================================================
server {
# listen 80; #如果需要同时支持http和https
listen 443 ssl http2;
listen [::]:443 ssl http2;
ssl_certificate /etc/nginx/key/STAR.xxx.crt;
ssl_certificate_key /etc/nginx/key/STAR.xxx.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 10m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
server_name {域名7};
location / {
proxy_pass http://{ip7}:{port7};
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}
!!真的该去吃饭了