1、编辑 default.conf
#强制跳转https
server {
listen 80;
server_name friend.***.com;
return 301 https://$server_name$request_uri;
}
#配置域名和证书
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name friend.***.com;
access_log /var/log/nginx/xyl.log main;
ssl_certificate /etc/nginx/ssh/xyl/8619782_friend.***.com.pem;
ssl_certificate_key /etc/nginx/ssh/xyl/8619782_friend.***.com.key;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
client_max_body_size 100M;
#静态文件夹访问
location /images/ {
alias /home/projectUpload/xyl/;
autoindex on;
}
#前端页面
location / {
root /home/xyl/webui;
index index.html index.htm;
try_files $uri $uri/ /index.html;
# YvXcTjyT1l.txt /data/cyan-find/zs/YvXcTjyT1l.txt;
}
#访问后台代理
location /prod-api/ {
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header REMOTE-HOST $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://124.***:9095/;
}
}
#第二个域名开始
server {
listen 80;
server_name pet.***.com;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name ***.com;
access_log /var/log/nginx/yxc.log main;
ssl_certificate /etc/nginx/ssh/yxc/8664600_pet.***.com.pem;
ssl_certificate_key /etc/nginx/ssh/yxc/8664600_pet.***.key;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
client_max_body_size 100M;
location /images/ {
root /home/projectUpload/yxc;
autoindex on;
}
location / {
root /home/yxc/web-ui/;
index index.html index.htm;
try_files $uri $uri/ /index.html;
add_header Cache-Control no-store;
# YvXcTjyT1l.txt /data/cyan-find/zs/YvXcTjyT1l.txt;
}
location /prod-api/ {
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header REMOTE-HOST $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://124.***:9095/;
}
}