user nginx;
worker_processes 2;
worker_rlimit_nofile 65535;
#pid logs/nginx.pid;
events {
worker_connections 65535;
}
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
limit_req_zone $binary_remote_addr zone=allips:10m rate=10r/m; #同一时间IP访问限制 防止DDOS攻击
limit_conn_zone $binary_remote_addr zone=limitConn:10m; #限制并发连接数
limit_conn_log_level notice;
#gzip on;
include /etc/nginx/conf.d/*.conf;
server {
listen *:8123 ssl;
# server_name 127.0.0.1;
ssl_certificate /ssl/cert.crt;
ssl_certificate_key /ssl/rsa_private.key;
ssl_protocols TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
ssl_ecdh_curve secp384r1;
ssl_session_cache shared:SSL:10m;
ssl_session_tickets off;
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
location / {
proxy_pass http://127.0.0.1:8080;
index index.html index.htm index.jsp;
}
}
server {
listen 127.0.0.1:3333 ssl;
# server_name 127.0.0.1;
ssl_certificate /ssl/cert.crt;
ssl_certificate_key /ssl/rsa_private.key;
ssl_protocols TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
ssl_ecdh_curve secp384r1;
ssl_session_cache shared:SSL:10m;
ssl_session_tickets off;
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
location / {
proxy_pass http://127.0.0.1:3000;
index index.html index.htm index.jsp;
}
}
}