https 一级域名跳转二级域名配置
server{
listen 443;
server_name geek45.com;
ssl on;
ssl_certificate /******.pem;
ssl_certificate_key /******.key;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
root /www/static-web/;
index geek45.html;
error_page 500 502 503 504 404 /404.html;
location = 404.html{
index 404.html;
}}
geek45.html 页面内容
<html>
<meta http-equiv="refresh" content="0;url=https://www.geek45.com/">
</html>
后台二级域名https配置
server {
listen 443;
server_name config.geek45.com;
ssl on;
ssl_certificate /*******.pem;
ssl_certificate_key /*******.key;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
location / {
proxy_pass http://blog/;
proxy_set_header Host $host;
proxy_set_header X-Real-ip $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
博客主页面https配置
server {
listen 443;
server_name *.geek45.com;
ssl on;
ssl_certificate /********.pem;
ssl_certificate_key /********.key;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
#root html;
#index index.html index.htm;
location / {
proxy_pass http://tale_blog/;
proxy_set_header Host $host;
proxy_set_header X-Real-ip $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
一级域名和二级域名 全部跳转https访问
server {
listen 80;
server_name geek45.com;
location / {
proxy_pass https://www.geek45.com/;
proxy_set_header Host $host;
proxy_set_header X-Real-ip $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
server {
listen 80;
server_name www.geek45.com;
location / {
root /www/static-web/;
index geek45.html;
}
}
server {
listen 80;
server_name config.geek45.com;
location / {
root /www/static-web/;
index config.html;
}
}
服务器维护的时候,跳转对应的网站,避免出现网站空白期
server {
listen 8080;
server_name geek45.com;
root /www/static-web/;
index index.html;
}
禁止ip访问服务器
server {
listen 80 default;
server_name _ ;
root /www/static-web/;
index 500.html;
}
nginx日志配置,调试时使用
log_format main '$remote_addr - [$time_local] "$request" - [$http_x_forwarded_for] - [$http_referer]'
access_log logs/access.log main;
注意
以上所有配置,均在http{ ... } 里面