1、Nginx-Https域名配置
server {
listen 443 ssl;
server_name 域名;
# 改成你的证书的名字
ssl_certificate 证书完整路径【若在容器中,填写容器路径】.pem;
# 你的证书的名字
ssl_certificate_key 证书完整路径【若在容器中,填写容器路径】.key;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
location / {
root /usr/share/nginx/html;
index index.html;
}
}
server {
listen 80;
#填写证书绑定的域名
server_name 域名;
#将所有HTTP请求通过rewrite指令重定向到HTTPS。
rewrite ^(.*)$ https://域名$1;
}
2、nginx 不同域名绑定同一个端口
新建配置文件 域名一.conf
server {
listen 80;
server_name 域名一;
location / {
root /usr/share/nginx/html;
index index.html;
}
}
新建配置文件 域名二.conf
server {
listen 80;
server_name 域名二;
location / {
root /usr/share/nginx/html;
index index.html;
}
}
3、负载均衡配置
upstream test-server {
# 分配给连接数最小的服务器
least_conn;
server ip:port max_fails=3;
server ip:port max_fails=3;
server ip:port max_fails=3;
keepalive 300;
keepalive_timeout 60s;
}
server {
listen 80;
listen 443 ssl;
server_name 域名;
underscores_in_headers on;
ssl_certificate **.pem;
ssl_certificate_key **.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
location / {
root /usr/share/nginx/html;
index index.html;
}
# 接口代理
location /server-api {
proxy_set_header Host $host:$server_port;
proxy_redirect off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_connect_timeout 60;
proxy_read_timeout 600;
proxy_pass http://test-server;
}
}
4、前端history代理
location / {
root /usr/share/nginx/html;
index index.html;
try_files $uri $uri/ /index.html;
}
