生產環境nginx配置文件(帶https安全認證)
阿新 • • 發佈:2018-09-07
tar edi proc method fault res root ash fas
#user www www; worker_processes 2; error_log logs/error.log info; pid /usr/local/nginx/nginx.pid; worker_rlimit_nofile 65535; events { use epoll; worker_connections 65535; } http { include mime.types; default_type application/octet-stream; log_format main ‘$remote_addr - $remote_user [$time_local] "$request" ‘ ‘$status $body_bytes_sent "$http_referer" ‘ ‘"$http_user_agent" "$http_x_forwarded_for"‘; access_log logs/access.log main; server_names_hash_bucket_size 128; client_header_buffer_size 512k; large_client_header_buffers 4 512k; client_body_buffer_size 30m; client_max_body_size 100m; server_tokens off; ignore_invalid_headers on; recursive_error_pages on; sendfile on; tcp_nopush on; tcp_nodelay on; keepalive_timeout 65; gzip on; gzip_min_length 1k; gzip_http_version 1.0; gzip_comp_level 2; gzip_types text/plain application/x-javascript text/css application/xml; upstream truck { ip_hash; server 10.74.**.**:8080; } upstream model{ server 10.74.**.**:8080; } upstream mvsp{ server 10.74.**.**:6006; } upstream fastdfs{ server 10.74.**.**:8080; } server { listen 80; server_name isafety.mintaian.com; #永久重定向到 https 站點 return 301 https://$server_name$request_uri; } #server { #listen 80; #server_name isafety.mintaian.com; # # #location ~* /{ # proxy_pass http://truck; # proxy_set_header Host $host:80; # proxy_set_header X-Real-IP $remote_addr; # proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; # client_max_body_size 400m; # proxy_connect_timeout 600; # proxy_send_timeout 600; # proxy_read_timeout 600; # } # # # access_log /usr/local/nginx/logs/isafety.mintaian.com.log; # #} server { listen 443; server_name isafety.mintaian.com; ssl on; ssl_certificate ../sslkey/1_isafety.mintaian.com_bundle.crt; ssl_certificate_key ../sslkey/2_isafety.mintaian.com.key; ssl_session_timeout 5m; ssl_protocols TLSv1 TLSv1.1 TLSv1.2 SSLv2 SSLv3; ssl_ciphers AESGCM:ALL:!DH:!EXPORT:!RC4:+HIGH:!MEDIUM:!LOW:!aNULL:!eNULL; ssl_prefer_server_ciphers on; #========模型接口===========# location ~* /mintaian/datatransmission { proxy_pass http://model; } #=======**科技頁面代理=====>start location ~* /Ferry { proxy_pass http://mvsp; } location ~* /ThirdResource { proxy_pass http://mvsp; } location ~* /vehicleAlarmData { proxy_pass http://mvsp; } #=======**科技頁面代理=====>end #代理測試文件服務器 location ~* /group1 { proxy_pass http://fastdfs; } location ~* /group2 { proxy_pass http://fastdfs; } #file location ~* /file/ { add_header ‘Access-Control-Allow-Origin‘ ‘*‘; add_header ‘Access-Control-Allow-Methods‘ ‘GET, POST, OPTIONS‘; add_header ‘Access-Control-Allow-Headers‘ ‘Origin, X-Requested-With, Content-Type, Accept‘; root /usr/local/nginx; } location ~* / { proxy_pass http://truck; proxy_set_header Host $host:80; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; client_max_body_size 400m; proxy_connect_timeout 600; proxy_send_timeout 600; proxy_read_timeout 600; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_set_header X-Forwarded-Proto $scheme; } access_log /usr/local/nginx/logs/isafety.mintaian.com.log; } }
生產環境nginx配置文件(帶https安全認證)