针对要配置的域名配置文件:
server {
listen 443;
server_name abc.com;
#access_log /server/nginx/log/abc.com.log main;
ssl on;
ssl_certificate /server/nginx/sslcom/domain.cer;
ssl_certificate_key /server/nginx/sslcom/domain.key;
ssl_session_timeout 5m;
#ssl_protocols SSLv3 TLSv1.1 TLSv1.2;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!ADH:!EXPORT56:RC4+RSA:+MEDIUM;
ssl_prefer_server_ciphers on;
allow 120.122.122.144;
allow 192.168.0.3;
deny all;
#拒绝一些 user-agent
if ($http_user_agent ~* LWP::Simple|BBBike|wget|Python-urllib|webscan\.360\.cn) {
return 404;
}
#反向代理到api服务器
location ^~/.svn{
deny all;
}
location ^~/.git{
deny all;
}
location / {
proxy_pass http://11.11.11.11:1002;
}
}