这里要注意的就是由于nginx没有配置中级证书的参数,所以根证书和证书文件需要合并起来配置,这个apache有点区别,证书链文件建议是配置上去apache有相应参数可以配置nginx没有。
cat domain.crt domian.ca > domian.pem
写2个server,80端口用return 301跳转即可。
cat domain-80.conf
server {
listen IP:80;
server_name DOMAIN;
if ( $host ~* ^[a-zA-Z0-9\-]+\.([a-zA-Z0-9]+)?$ ){
rewrite ^/(.*)$ https://www.$host/$1 permanent;
}
index index.php index.html index.htm;
location / {
return 301 https://domain$request_uri;
limit_req zone=one burst=30;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header REMOTE-HOST $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header CLIENT_IP $proxy_add_x_forwarded_for;
proxy_set_header AUTHZH aGZoZj13g5N2FmaDk4;
proxy_pass http://IP:80/;
}
location ~* ^.+\.(gz|tar|tgz|tbz||zip|xz|bz2|rar|7z|sql|exe|dll|msi|iso|pdf)$ {
limit_conn conn 2;
limit_rate 200k;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header REMOTE-HOST $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header CLIENT_IP $proxy_add_x_forwarded_for;
proxy_set_header AUTHZH aGZoZjg12321Zoc2FmaDk4;
proxy_pass http://ip:80;
}
location ~* ^/(403|500|503)\.html { root html; }
}
cat domain.com.conf
server {
listen IP:443;
server_name domain;
index index.php index.html index.htm;
ssl on;
ssl_certificate /usr/local/nginx/conf/ssl/DOMINA/DOMAIN.pem;
ssl_certificate_key /usr/local/nginx/conf/ssl/domain/domain.key;
ssl_session_timeout 5m;
ssl_protocols SSLv2 SSLv3 TLSv1;
ssl_prefer_server_ciphers on;
location / {
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $proxy_add_x_forwarded_for;
proxy_set_header CLIENT_IP $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header AUTHZH aGZoZjg5N34Y3Zoc2FmaDk4;
proxy_set_header X_FORWARDED_PROTO https;
proxy_pass http://IP;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
转载于:https://blog.51cto.com/chenzm0592/1895297