我要评论配置文件 默认放置位置:{nginx}/conf.d/,以conf结尾
一、http简单配置
server {
listen 80;
server_name www.test.cn;
root /mnt/website/root;
if ( $query_string ~* ".*[;'<>].*" ){
return 404;
}
if ( $query_string ~* ".*script.*" ){
return 404;
}
location ~* ^/web-inf/.*$
{
deny all;
}
location ~* ^/(userfiles|userfiles|images|images|upload)/.*\.(jsp|js)$
{
deny all;
}
location / {
proxy_set_header host $host;
proxy_set_header x-real-ip $remote_addr;
proxy_set_header x-forwarded-for $proxy_add_x_forwarded_for;
proxy_pass http://127.0.0.1:8888;
}
}
server{
server_name test.cn;
root /mnt/website/root;
location ^~ / {
rewrite ^(.*) http://www.test.cn$1 permanent;
}
}说明:
1,http默认端口是80
2,http://127.0.0.1:8888;为实际本地服务端口
3,一般服务域名为二级域名www,一级域名一般也配置指向www域名。
二、https配置
首先得申请ssl证书,百度,阿里都有免费证书可用,申请成功后,下载nginx压缩包,解压后,可见两种后缀文件,一个是xxx.key,另一个是xxx.crt,或者是xxx.pem。文件名可以随意更改,一般改为域名。
其次是配置文件配置
server {
listen 443;
server_name www.test.cn;
root /mnt/website/root;
ssl on;
ssl_certificate /etc/nginx/ssl/www.test.cn.crt;
ssl_certificate_key /etc/nginx/ssl/www.test.cn.key;
ssl_session_timeout 5m;
ssl_protocols sslv3 tlsv1;
ssl_ciphers high:!adh:!export56:rc4+rsa:+medium;
ssl_prefer_server_ciphers on;
if ( $query_string ~* ".*[;'<>].*" ){
return 404;
}
if ( $query_string ~* ".*script.*" ){
return 404;
}
location ~* ^/imgpath/.*$
{
rewrite ^/imgpath(.*) http://img.test.cn/imgpath$1 last;
}
location ~* ^/web-inf/.*$
{
deny all;
}
location ~* ^/(userfiles|userfiles|images|images|upload)/.*\.(jsp|js)$
{
deny all;
}
location / {
proxy_set_header host $host;
proxy_set_header x-real-ip $remote_addr;
proxy_set_header x-forwarded-for $proxy_add_x_forwarded_for;
proxy_pass http://127.0.0.1:8888;
}
}说明:
1,https端口为443,此端口不是服务器默认开放端口,需要单独打开。
2,ssl文件放置正确即可。crt文件换成pem文件亦可。
3,资源文件路径可指向其他域名,可见location ~* ^/imgpath/.*$这段
三、单域名指向本地不同服务,以https配置为例
upstream shop {
server 127.0.0.1:7777;
}
server {
listen 443;
server_name www.test.cn;
root /mnt/website/root;
ssl on;
ssl_certificate /etc/nginx/ssl/www.test.cn.crt;
ssl_certificate_key /etc/nginx/ssl/www.test.cn.key;
ssl_session_timeout 5m;
ssl_protocols sslv3 tlsv1;
ssl_ciphers high:!adh:!export56:rc4+rsa:+medium;
ssl_prefer_server_ciphers on;
if ( $query_string ~* ".*[;'<>].*" ){
return 404;
}
if ( $query_string ~* ".*script.*" ){
return 404;
}
location ~* ^/imgpath/.*$
{
rewrite ^/imgpath(.*) http://img.test.cn/imgpath$1 last;
}
location ~* ^/web-inf/.*$
{
deny all;
}
location ~* ^/(userfiles|userfiles|images|images|upload)/.*\.(jsp|js)$
{
deny all;
}
location / {
rewrite ^(.*) https://www.test.com$1 permanent;
}
location /shop/ {
proxy_pass http://shop;
proxy_redirect off;
proxy_set_header host $host;
proxy_set_header x-real-ip $remote_addr;
proxy_set_header x-forwarded-for $proxy_add_x_forwarded_for;
client_max_body_size 10m;
client_body_buffer_size 128k;
proxy_connect_timeout 300;
proxy_send_timeout 300;
proxy_read_timeout 300;
proxy_buffer_size 128k;
proxy_buffers 2 256k;
proxy_busy_buffers_size 256k;
proxy_temp_file_write_size 256k;
}
}
说明:
1,upstream shop,shop只能出现一次
2,可以是本地服务,亦可是其他ip服务,127.0.0.1换成对应ip即可
3,location /shop/ ,此块必须在server的区块内,/shop/为访问路径,即https://www.test.cn/shop/xxx,为访问路径
到此这篇关于nginx配置http和https的实现步骤的文章就介绍到这了,更多相关nginx配置http和https内容请搜索代码网以前的文章或继续浏览下面的相关文章希望大家以后多多支持代码网!
发表评论