# cat default.conf upstream webfront { # Tomcat is listening on default 8090 port ip_hash; server web1:8518 ; server web2:8518 fail_timeout=0; } proxy_cache_path /etc/nginx/cache levels=1:2 keys_zone=my_cache:10m max_size=1g inactive=60m use_temp_path=off; server { listen 80; server_name xxxxxx.com.cn; return 301 https://$host; ##由 rewrite 修改为 return } server { listen 443 ssl http2; server_name xxxxxx.com.cn; #换成你的域名 ssl on; ssl_certificate /etc/nginx/certificate/xxxxxx.com.cn.crt; #证书文件 ssl_certificate_key /etc/nginx/certificate/xxxxxx.com.cn.key; #秘钥文件 ssl_session_timeout 5m; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE; ssl_prefer_server_ciphers on; add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; ##访问网站后,由浏览器方记住该域名是受保护的https://,以后的http://访问不用走上边的return location /web/ { proxy_pass http://webfront; proxy_redirect off; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Frame-Options DENY; proxy_connect_timeout 60; proxy_read_timeout 3600s; proxy_set_header X-Forwarded-Proto $scheme; } #location /ufile/{ # proxy_pass http://info.xxxxxxx.cn/ufile/; #} location /advisory/{ proxy_pass http://webfront/web/advisory/; proxy_cache my_cache; proxy_cache_key $scheme$proxy_host$request_uri; proxy_cache_valid 200 1d; add_header cache-status $upstream_cache_status; } location /r/cms/{ proxy_pass http://webfront/web/r/cms/; proxy_cache my_cache; proxy_cache_key $scheme$proxy_host$request_uri; proxy_cache_valid 200 1d; add_header cache-status $upstream_cache_status; } location /home/static/ {root /etc/nginx/html;} location /index/static/ {root /etc/nginx/html;} location /home {try_files $uri /home/index.html;} location /index {try_files $uri /index.html;} location = / { rewrite ^ /index; } error_page 404 /404.html; # redirect server error pages to the static page /50x.html # error_page 500 502 503 504 /50x.html; location = /50x.html { root /usr/share/nginx/html; } } # cat /etc/nginx/nginx.conf user nginx; worker_processes auto; error_log /var/log/nginx/error.log warn; pid /var/run/nginx.pid; events { worker_connections 2048; } http { include /etc/nginx/mime.types; default_type application/octet-stream; log_format main '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; access_log /var/log/nginx/access.log main; sendfile on; #tcp_nopush on; server_tokens off; keepalive_timeout 65; gzip on; gzip_comp_level 9; gzip_min_length 100; gzip_types text/plain application/javascript application/x-javascript text/css application/xml text/javascript application/x-httpd-php image/jpeg image/gif #image/png; gzip_vary on; gzip_static on; include /etc/nginx/conf.d/*.conf; }
访问后的效果是: