nginx.conf / ssl / 域名 / 静态资源
#端口占用,杀死80端口进程
fuser -k 80/tcp
# 测试nginx配置文件
/usr/local/nginx/sbin/nginx -t
# (交互)实时输出log
tail -f /usr/local/nginx/logs/access.log
http {
#...
#...
server {
listen 80;
server_name www.icon.com;
rewrite ^(.*)$ https://$host$1 permanent;
}
server {
listen 443 ssl;
listen 8080;
server_name www.icon.com;
ssl_certificate cert/9999999_www.icon.com.pem;
ssl_certificate_key cert/9999999_www.icon.com.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
ssl_prefer_server_ciphers on;
location ~*^.+\.(icon|gif|jpg|jpeg|png|html|css|js|txt|xml|swf|wav)$ {
root /usr/local/web/icon/;
}
location / {
proxy_pass http://localhost:8000/;
proxy_read_timeout 600s;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location /icon {
proxy_pass http://127.0.0.1:5000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
}
}
}