nginx ssl 部分加密

标签：

# For more information on configuration, see:
#   * Official English Documentation: http://nginx.org/en/docs/
#   * Official Russian Documentation: http://nginx.org/ru/docs/

user              nginx;
worker_processes  1;

error_log  /var/log/nginx/error.log;
#error_log  /var/log/nginx/error.log  notice;
#error_log  /var/log/nginx/error.log  info;

pid        /var/run/nginx.pid;


events {
    worker_connections  1024;
}


http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    log_format  main  ‘$remote_addr - $remote_user [$time_local] "$request" ‘
                      ‘$status $body_bytes_sent "$http_referer" ‘
                      ‘"$http_user_agent" "$http_x_forwarded_for"‘;

    access_log  /var/log/nginx/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    #keepalive_timeout  0;
    keepalive_timeout  65;

    #gzip  on;
    
    # Load config files from the /etc/nginx/conf.d directory
    # The default server is in conf.d/default.conf
    include /etc/nginx/conf.d/*.conf;

    upstream yzy_b2c {
    server 114.112.101.148;
    }

     server {
        listen      80;
        server_name www.qixinglicai.com;
            location / {
                proxy_pass http://114.112.101.147:8080;
                index  index.htm;
                proxy_set_header Host $host;
                proxy_set_header X-Real-Ip $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-Forwarded-Proto $scheme;
                proxy_connect_timeout 10;
                proxy_read_timeout 120;
            }    
    
           location ~* /userCenter/{
                rewrite ^(.*) https://www.qixinglicai.com$1 permanent;
           }
           location ~* /userset/{
                rewrite ^(.*) https://www.qixinglicai.com$1 permanent;
           }
           location ~* (index\.ac|regist\.ac|selectUserByLog\.ac|transferDetail\.ac|transferDetail\.ac|checkfavoritepage\.ac|selectAllCommentsByParty\.ac|refercomplaint\.ac|getAllLetterForParty\.ac|getNewsSubscriptionByPartyId\.ac|tophoneident\.ac){
                rewrite ^(.*) https://www.qixinglicai.com$1 permanent;
           }
           

           location ~* /(shoppingCart\.ac|shoppingCartList\.ac|shoppingCartByUser\.ac|shoppingCartByContract\.ac|payOrder\.ac|sucPayOrder\.ac|checkOrder\.ac){
                rewrite ^(.*) https://www.qixinglicai.com$1 permanent;
           }


    }



    # HTTPS server
        server {
            listen       443;
            server_name  www.qixinglicai.com;

            ssl                  on;
            ssl_certificate      /usr/local/conf/mycert.cer;
            ssl_certificate_key  /usr/local/conf/mykey.key;

            ssl_session_timeout  25m;

            ssl_protocols   SSLv3 TLSv1;
            ssl_ciphers  ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
            ssl_prefer_server_ciphers   on;


             location ~* /userCenter/{
                proxy_pass http://114.112.101.147:8080;
                index  index.htm;
                proxy_set_header Host $host;
                proxy_set_header X-Real-Ip $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-Forwarded-Proto $scheme;
                proxy_connect_timeout 10;
                proxy_read_timeout 120;
             }
             location ~* /userset/{
                proxy_pass http://114.112.101.147:8080;
                index  index.htm;
                proxy_set_header Host $host;
                proxy_set_header X-Real-Ip $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-Forwarded-Proto $scheme;
                proxy_connect_timeout 10;
                proxy_read_timeout 120;
             }

           location ~* (index\.ac|regist\.ac|selectUserByLog\.ac|transferDetail\.ac|transferDetail\.ac|checkfavoritepage\.ac|selectAllCommentsByParty\.ac|refercomplaint\.ac|getAllLetterForParty\.ac|getNewsSubscriptionByPartyId\.ac|tophoneident\.ac){
                proxy_pass http://114.112.101.147:8080;
                index  index.htm;
                proxy_set_header Host $host;
                proxy_set_header X-Real-Ip $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-Forwarded-Proto $scheme;
                proxy_connect_timeout 10;
                proxy_read_timeout 120;
             }
              

             location ~* /(shoppingCart\.ac|shoppingCartList\.ac|shoppingCartByUser\.ac|shoppingCartByContract\.ac|payOrder\.ac|sucPayOrder\.ac|checkOrder\.ac){
                proxy_pass http://114.112.101.147:8080;
                index  index.htm;
                proxy_set_header Host $host;
                proxy_set_header X-Real-Ip $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-Forwarded-Proto $scheme;
                proxy_connect_timeout 10;
                proxy_read_timeout 120;
             }

        
             location ~ \.(css|js|gif|png|jpg)$ {
                proxy_pass http://114.112.101.147:8080;
                proxy_set_header Host $host;
                proxy_set_header X-Real-Ip $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-Forwarded-Proto $scheme;
             }
             location / {
                rewrite ^(.*) http://www.qixinglicai.com$1 permanent;
             }
            
            
    }



}

nginx ssl 部分加密

标签：

原文地址：http://www.cnblogs.com/panyf/p/4923549.html