upstream halo {
server 127.0.0.1:8090;
}
upstream https {
server cdn.liumou.site:443;
}
server {
listen 443 ssl http2;
server_name liumou.site;
ssl_certificate /usr/share/nginx/html/liumou.site_bundle.crt;
ssl_certificate_key /usr/share/nginx/html/liumou.site.key;
ssl_session_timeout 5m;
# 限制单个客户端 IP 最大连接数为 10
limit_conn conn_zone 10;
# 限制单个客户端 IP 1s 内最多发起 5 个请求
limit_req zone=req_zone burst=5;
# 计算客户端 IP 累计请求流量,限制累计请求流量为 1GB
set $limit_rate 128k;
limit_rate_after 500M;
limit_rate 1m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
#ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_protocols TLSv1 TLSv1.2;
ssl_prefer_server_ciphers on;
location / {
proxy_pass http://halo;
proxy_set_header HOST $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location /admin {
deny all;
}
location /arch {
deny all;
}
access_log /var/log/nginx/access-liumou.log main;
}
server {
listen 80;
listen [::]:80;
server_name liumou.site;
client_max_body_size 1024m;
location / {
proxy_pass http://halo;
proxy_set_header HOST $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
if ($host ~* "^liumou.site$") {
rewrite ^/(.*)$ https://liumou.site/ permanent;
}
error_page 404 https://liumou.site;
error_page 497 https://liumou.site;
error_page 301 https://liumou.site;
}
Nginx配置HTTPS自动跳转参数
最新推荐文章于 2024-08-03 22:17:18 发布
文章详细描述了如何在Nginx服务器上配置HTTPS监听、使用upstream分发请求到server127.0.0.1:8090和cdn.liumou.site:443,以及设置SSL安全选项、连接限制和请求速率控制。还包含了访问日志管理和HTTP重定向策略。
摘要由CSDN通过智能技术生成