常用配置路径代理映射 http和https
配置nginx路径下的配置文件:/etc/nginx/conf.d/nginx.conf (每个人的可能不一样,但是我这个就是yum 直接安装的)
如下配置 配置http 和 https 、ws 和 wss
实战配置
#自定义配置地址
upstream halo {
server 127.0.0.1:8090;
}
server {
listen 80;
listen [::]:80;#域名
server_name *.zengoutlook.online;
client_max_body_size 1024m;
rewrite ^(.*)$ https://$host$1;
# coreHome小程序和ws配置 前缀匹配
location ^~/coreHome/ {
proxy_pass http://127.0.0.1:8000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
# 暂时不用
# rewrite ^/coreHome/(.*)$ /$1 break; #拦截标识去除
# proxy_pass http://127.0.0.1:8000; #这里是http不是ws,不用怀疑,代理的ip和port写ws访问的实际地址
# proxy_http_version 1.1; #这里必须使用http 1.1
#下面两个必须设置,请求头设置为ws请求方式
# proxy_set_header Upgrade $http_upgrade;
# proxy_set_header Connection "upgrade";
}
location / {
proxy_pass http://halo;
proxy_set_header HOST $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
# HTTPS server 配置https
server {
listen 443 ssl;
server_name *.*.online; #自己的域名
# 证书放置地址
ssl_certificate /root/ssl/Nginx/1_zeng164outlook.online_bundle.crt;
ssl_certificate_key /root/ssl/Nginx/2_zeng164outlook.online.key;
ssl_session_timeout 5m;
#请按照以下协议配置
ssl_protocols TLSv1.2 TLSv1.3;
#请按照以下套件配置,配置加密套件,写法遵循 openssl 标准。
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
ssl_prefer_server_ciphers on;
fastcgi_param HTTPS on;
fastcgi_param HTTP_SCHEME https;
# coreHome小程序和ws配置
location ^~/coreHome/ {
proxy_pass http://127.0.0.1:8000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
# rewrite ^/coreHome/(.*)$ /$1 break; #拦截标识去除
# proxy_pass http://127.0.0.1:8000; #这里是http不是ws,不用怀疑,代理的ip和port写ws访问的实际地址
# proxy_http_version 1.1; #这里必须使用http 1.1
#下面两个必须设置,请求头设置为ws请求方式
# proxy_set_header Upgrade $http_upgrade;
# proxy_set_header Connection "upgrade";
}
location / {
proxy_pass http://halo;
proxy_set_header HOST $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
重启命令:nginx -s reload