标签:
在nginx.conf中增加新server配置
server { listen 443; server_name www.some.com; ssl on; ssl_certificate sslkey/some.com.crt; ssl_certificate_key sslkey/some.com.key; ssl_session_timeout 5m; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers ALL:!DH:!EXPORT:!RC4:+HIGH:+MEDIUM:-LOW:!aNULL:!eNULL; ssl_prefer_server_ciphers on; location / { proxy_pass http://tomcat_www; } access_log logs/www-ssl.access.log main; }
对于需要强制跳转的80端口访问, 使用
server { listen 80; server_name www.some.com; location / { root /var/www/html; index index.html; # meta jump to https } access_log logs/www.access.log main; }
index.html使用
<html> <meta http-equiv="refresh" content="0;url=https://www.some.com/"> </html>
其他的跳转方案一:
server { listen 192.168.1.111:80; server_name test.com; rewrite ^(.*)$ https://$host$1 permanent; }
方案二
server { listen 192.168.1.11:443; #ssl端口 listen 192.168.1.11:80; #用户习惯用http访问,加上80,后面通过497状态码让它自动跳到443端口 server_name test.com; #为一个server{......}开启ssl支持 ssl on; #指定PEM格式的证书文件 ssl_certificate /etc/nginx/test.pem; #指定PEM格式的私钥文件 ssl_certificate_key /etc/nginx/test.key; #让http请求重定向到https请求 error_page 497 https://$host$uri?$args; }
标签:
原文地址:http://www.cnblogs.com/milton/p/5116729.html
