nginx配置ssl(https),接口转发,gzip示例

1,873 阅读1分钟
server {
    listen   80;
    server_name zzcandor.com;
    server_name www.zzcandor.com;
    #return      301 https://$server_name1$request_uri;
    rewrite ^(.*)$  https://$host$1 permanent;  
}

server
{
listen 443 ssl;   #SSL协议访问端口号为443。此处如未添加ssl,可能会造成Nginx无法启动。
server_name zzcandor.com;
server_name www.zzcandor.com;

# rewrite ^(.*)$ https://$host$1 permanent;   #将所有http请求通过rewrite重定向到https。

root /projects/blog-react/build;

ssi on;
ssi_silent_errors on;

error_page 404  /404.html;

ssl_certificate cert/zzcandor.com.pem;   #将domain name.pem替换成您证书的文件名。
ssl_certificate_key cert/zzcandor.com.key;   #将domain name.key替换成您证书的密钥文件名。
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;  #使用此加密套件。
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;   #使用该协议进行配置。
ssl_prefer_server_ciphers on; 


  location /blogapi/ {
          proxy_pass http://127.0.0.1:6060/; 
          add_header Access-Control-Allow-Origin *;
          add_header Access-Control-Allow-Headers X-Requested-With;
          add_header Access-Control-Allow-Methods GET,POST,PUT,DELETE,PATCH;
          proxy_set_header Host $host;
          proxy_set_header X-Real-IP $remote_addr;
          proxy_set_header REMOTE-HOST $remote_addr;
          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  }

      gzip on;
      gzip_http_version 1.1;
      gzip_comp_level 3;
      gzip_types text/plain application/json application/x-javascript application/css application/xml application/xml+rss text/javascript application/x-httpd-php image/jpeg image/gif image/png image/x-ms-bmp;

 location /{
      try_files $uri /index.html;
      add_header Access-Control-Allow-Origin *;
      add_header Access-Control-Allow-Headers X-Requested-With;
      add_header Access-Control-Allow-Methods GET,POST,PUT,DELETE,PATCH;
      proxy_set_header Host $host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header REMOTE-HOST $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;    
  }

}