1、nginx 配置https证书访问:
活不多说,直接开整:
server {
listen 7002 ssl;
server_name bi.xxxx.com;
ssl_certificate D:/yeacer/poweropp/ssl/1_bi.cimcvehiclesgroup.com_bundle.crt;
ssl_certificate_key D:/yeacer/poweropp/ssl/2_bi.cimcvehiclesgroup.com.key;
location / {
root D:/yeacer/poweropp/pop-vue/dist;
try_files $uri $uri/ /index.html;
index index.html index.htm;
}
location /prod-api/{
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header REMOTE-HOST $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://10.250.13.16:996/;
}
location /profile/{
# 方式一:指向地址
proxy_pass http://10.250.13.16:996/profile/;
}
location /ReportServer {
proxy_pass http://10.250.13.16:888/ReportServer;
}
location /Reports {
proxy_pass http://10.250.13.16:888/Reports;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
关键解释:
1、listen监听端口后面需加 ssl 代表是 https 请求。
2、server_name 不能指向ip地址,须指向对应的域名。
3、ssl_certificate、ssl_certificate_key 分别指向下载的 ssl 证书的 crt 文件,以及 key 文件。
4、以下代码是在 nginx 上配置反向代理,代表将自己地址中含有 /profile、/ReportServer、/Reports 中的路径用 proxy_pass 配置的路径代替:
如:https://bi.xxxx.com/ReportServer -> http://10.250.13.16.888/ReportServer
location /profile/{
# 方式一:指向地址
proxy_pass http://10.250.13.16:996/profile/;
}
location /ReportServer {
proxy_pass http://10.250.13.16:888/ReportServer;
}
location /Reports {
proxy_pass http://10.250.13.16:888/Reports;
}
2、nginx作为css,js,image静态资源服务器,以及gzip压缩:
参考代码:
http {
include mime.types;
default_type application/octet-stream;
client_max_body_size 100m;
# 开启gzip压缩
gzip on;
# 不压缩临界值,大于1K的才压缩,一般不用改
gzip_min_length 1k;
# 压缩缓冲区
gzip_buffers 16 64K;
# 压缩版本(默认1.1,前端如果是squid2.5请使用1.0)
gzip_http_version 1.1;
# 压缩级别,1-10,数字越大压缩的越好,时间也越长
gzip_comp_level 5;
# 进行压缩的文件类型
gzip_types text/plain application/x-javascript text/css application/xml application/javascript;
# 跟Squid等缓存服务有关,on的话会在Header里增加"Vary: Accept-Encoding"
gzip_vary on;
# IE6对Gzip不怎么友好,不给它Gzip了
gzip_disable "MSIE [1-6]\.";
upstream poweropp{
#server 139.219.137.252:7777;
#server 139.219.137.252:7778;
server 139.219.128.167:7777;
}
#log_format main '$remote_addr - $remote_user [$time_local] "$request" '
# '$status $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for"';
#access_log logs/access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout 300;
#PowerOpp前端系统
server {
listen 80;
server_name localhost;
location / {
root /www/var/dist;
try_files $uri $uri/ /index.html;
index index.html index.htm;
}
location ~ ^/(images|img|javascript|js|css|flash|media|static)/ {
root /home/resources/; #####静态资源的路径
autoindex on;
access_log off;
expires 30d; #####设置缓存时间
}
location /smartbi/ {
proxy_pass http://10.10.202.17:18600/smartbi/ ;
proxy_set_header Host $host:$server_port;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
client_max_body_size 100m;
client_body_buffer_size 128k;
proxy_connect_timeout 90;
proxy_send_timeout 300;
proxy_read_timeout 300;
proxy_buffer_size 4k;
proxy_buffers 4 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;
}
location /SmartbiSSO/ {
proxy_pass http://10.10.12.87:8080/SmartbiSSO/ ;
proxy_set_header Host $host:$server_port;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
client_max_body_size 100m;
client_body_buffer_size 128k;
proxy_connect_timeout 90;
proxy_send_timeout 300;
proxy_read_timeout 300;
proxy_buffer_size 4k;
proxy_buffers 4 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;
}
location /prod-api/{
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header REMOTE-HOST $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://poweropp/;
# proxy_pass http://139.219.6.5:8080/;
}
location /profile/{
proxy_pass http://poweropp/;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
}
将 nginx 部署静态资源服务器步骤:
1、配置关键代码,代表将 /home/resources 下面的静态文件开启访问:
location ~ ^/(images|img|javascript|js|css|flash|media|static)/ {
root /home/resources/; #####静态资源的路径
autoindex on;
access_log off;
expires 30d; #####设置缓存时间
}
2、在 linux 服务器下的静态资源路径下创建 3个文件夹分别代表 js、css、img:
3、重启 nginx 服务,通过80端口和资源服务器下的目录路径,可以直接访问到静态资源。
如:
http://139.219.15.224/js/xxx.js
http://139.219.15.224/css/xxx.css
http://139.219.15.224/img/xxx.png