Https时,一个是注意https证书路径,另外NG需要开启SSL模块,请检索nginx.conf错误提示,对应去参考其他文章
#user nobody;
worker_processes 1;
#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
#pid logs/nginx.pid;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
#log_format main '$remote_addr - $remote_user [$time_local] "$request" '
# '$status $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for"';
#access_log logs/access.log main;
log_format main ' $remote_user [$time_local] $http_x_Forwarded_for $remote_addr $request '
'$http_x_forwarded_for '
'$upstream_addr '
'ups_resp_time: $upstream_response_time '
'request_time: $request_time';
access_log logs/access.log main;
client_max_body_size 50m;
sendfile on;
#tcp_nopush on;
proxy_connect_timeout 600; #单位秒
proxy_send_timeout 600; #单位秒
proxy_read_timeout 600; #单位秒
proxy_buffer_size 16k;
proxy_buffers 4 64k;
proxy_busy_buffers_size 128k;
proxy_temp_file_write_size 128k;
#keepalive_timeout 0;
keepalive_timeout 75;
#gzip on;
#负载均衡,随便取没啥关系
upstream www.lock.com { #服务器集群名字
server 192.168.0.1:8089 weight=2;#加权哈希,加权越大流量进来的比例越大。
server 192.168.0.2:8089 weight=1;
}
#手机端api
server {
listen 80;
server_name wap.OptimisticLock.com;
location / {
proxy_pass http://www.lock.com;
proxy_redirect default;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header REMOTE-HOST $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
#H5页面
server {
listen 80;
server_name h5.OptimisticLock.com;
location / {
proxy_pass http://192.168.0.3:8090;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header REMOTE-HOST $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
#管理后台前端
server {
listen 80;
server_name admin.OptimisticLock.com;
location / {
root html;
index index.html index.htm;
proxy_pass http://192.168.0.4:8081;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header REMOTE-HOST $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
#管理后台API
server {
listen 80;
server_name api.OptimisticLock.com;
location / {
root html;
index index.html index.htm;
proxy_pass http://192.168.0.4:8082;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header REMOTE-HOST $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
#管理后台前端
server {
listen 443; #配置HTTPS的默认访问端口号为443。此处如果未配置HTTPS的默认访问端口,可能会造成Nginx无法启动n。
server_name admin.OptimisticLock.com;
ssl on;
root html;
index index.html index.htm;
ssl_certificate cert/admin.OptimisticLock.com.pem; #将domain name.pem替换成您证书的文件名称。
ssl_certificate_key cert/admin.OptimisticLock.com.key; #将domain name.key替换成您证书的密钥文件名称。
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; #使用此加密套件。
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; #使用该协议进行配置。
ssl_prefer_server_ciphers on;
location / {
root html; #站点目录。
index index.html index.htm;
proxy_pass http://192.168.0.4:8081;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header REMOTE-HOST $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
#H5分享
server {
listen 443;
server_name h5.OptimisticLock.com;
ssl on;
root html;
index index.html index.htm;
ssl_certificate cert/h5.OptimisticLock.com.pem;
ssl_certificate_key cert/h5.OptimisticLock.com.key;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; #使用该协议进行配置。
ssl_prefer_server_ciphers on;
proxy_connect_timeout 600;
proxy_read_timeout 600;
proxy_send_timeout 600;
location / {
root html; #站点目录。
index index.html index.htm;
proxy_pass http://192.168.0.3:8090;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header REMOTE-HOST $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
//手机端
server {
listen 443;
server_name wap.OptimisticLock.com;
ssl on;
root html;
index index.html index.htm;
ssl_certificate cert/wap.OptimisticLock.com.pem;
ssl_certificate_key cert/wap.OptimisticLock.com.key;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; #使用此加密套件。
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; #使用该协议进行配置。
ssl_prefer_server_ciphers on;
location / {
root html; #站点目录。
index index.html index.htm;
proxy_pass http://www.lock.com;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header REMOTE-HOST $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
#后台API接口
server {
listen 443;
server_name api.OptimisticLock.com;
ssl on;
root html;
index index.html index.htm;
ssl_certificate cert/api.OptimisticLock.com.pem;
ssl_certificate_key cert/api.OptimisticLock.com.key;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; #使用此加密套件。
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; #使用该协议进行配置。
ssl_prefer_server_ciphers on;
location / {
root html; #站点目录。
index index.html index.htm;
proxy_pass http://192.168.0.4:8082;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header REMOTE-HOST $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_connect_timeout 600;
proxy_read_timeout 600;
proxy_send_timeout 600;
client_max_body_size 1024m; #允许客户端请求的最大单文件字节数
client_body_buffer_size 1024k; #缓冲区代理缓冲用户端请求的最大字节数
proxy_buffer_size 1024k; #设置代理服务器(nginx)保存用户头信息的缓冲区大小
proxy_buffers 6 500k; #proxy_buffers缓冲区,网页平均在32k以下的话>,这样设置
proxy_busy_buffers_size 1024k; #高负荷下缓冲大小(proxy_buffers*2)
proxy_temp_file_write_size 1024k; #设定缓存文件夹大小,大于这个值,将从upstream服务器传
}
}
}