
[svc]nginx集群https访问配置

时间:2018-03-15 15:10:11      阅读:296      评论:0      收藏:0      [点我收藏+]


实现用户访问maotai.com,直接重定向到https://www.maotai.com

1. maotai.com --> www.maotai.com
2. http://www.maotai.com --> https://www.maotai.com


nginx-lb

  • nginx-lb证书生成

用户--nginx(证书)--nginx--tomcat

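# Generate a self-signed certificate and key for the load balancer.
# Suitable for a lab only: clients cannot chain it to a trusted CA and will
# warn or refuse; use a CA-issued certificate for real traffic.
# -p keeps the command re-runnable; && stops the chain if a step fails so the
# key is never written into an unexpected working directory.
mkdir -p /data/ && cd /data/ && \
openssl req -x509 -days 3650 -nodes -newkey rsa:2048 -keyout /data/domain.key -out /data/domain.crt -subj "/CN=www.maotai.com"
# -nodes leaves the private key unencrypted on disk (needed so nginx can start
# unattended), so file permissions are the only protection: restrict them.
chmod 600 /data/domain.key
# NOTE: the certificate carries only a CN. Current browsers and TLS libraries
# match host names against subjectAltName; with OpenSSL 1.1.1 or newer add
#   -addext "subjectAltName=DNS:www.maotai.com"
# to the openssl command. -days 3650 is also far longer than public CAs allow;
# shorten it if the certificate is used beyond testing.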
  • 启动nginx-lb
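# Start the nginx-lb container.
# - /data holds the TLS private key; nginx only reads it, so mount it read-only
#   (the original mounted it read-write, letting anything in the container
#   replace the key or certificate).
# - --net=host shares the host network namespace: nginx binds 80/443 directly
#   on the host and there is no network isolation for the container.
# - The image tag is unpinned; pin a reviewed tag or digest (nginx:<version>)
#   so a restart cannot silently pull in a different build.
docker run -d \
    --net=host \
    --restart=always \
    -v /etc/nginx/nginx.conf:/etc/nginx/nginx.conf:ro \
    -v /etc/localtime:/etc/localtime:ro \
    -v /data:/data:ro \
    --name nginx \
    nginx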
# Main context of the nginx-lb instance.
worker_processes      auto;     # let nginx pick the worker count
worker_rlimit_nofile  65535;    # open-file limit applied to each worker

# pid logs/nginx.pid;

events {
    # NOTE(review): a proxied connection holds two descriptors (client side and
    # upstream side), so 51200 connections can need more than the 65535 files
    # allowed above; confirm the two limits are meant to differ.
    worker_connections  51200;
    use epoll;
}

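# HTTP context of nginx-lb: terminates TLS on 443 and proxies to the backend.
http {
    include mime.types;
    default_type application/octet-stream;

    # Access-log format that records the negotiated TLS protocol and cipher and
    # the upstream that served the request.
    log_format main '$remote_addr $remote_user [$time_local] "$request" $http_host '
    '$status $upstream_status $body_bytes_sent "$http_referer" '
    '"$http_user_agent" $ssl_protocol $ssl_cipher $upstream_addr '
    '$request_time $upstream_response_time';
    # The format above was defined but never referenced, so requests were logged
    # in the built-in "combined" format without the TLS and upstream fields.
    access_log /var/log/nginx/access.log main;

    server_name_in_redirect off;
    client_max_body_size 80m;
    client_header_buffer_size 16k;
    large_client_header_buffers 4 16k;
    sendfile on;
    tcp_nopush on;
    keepalive_timeout 65;
    # Do not advertise the exact nginx version in the Server header and on
    # error pages (the original had this switched on).
    server_tokens off;

    # NOTE(review): responses are compressed and then sent over TLS. If the
    # backend reflects request data into pages that also carry secrets (CSRF
    # tokens, session data), review this against BREACH-style compression
    # side channels.
    gzip on;
    gzip_min_length 1k;
    gzip_buffers 4 16k;
    gzip_proxied any;
    gzip_http_version 1.1;
    gzip_comp_level 3;
    gzip_types text/plain application/x-javascript text/css application/xml;
    gzip_vary on;

    # 80-80
#    server {
#        listen       80;
#        server_name  www.maotai.com;
#        proxy_connect_timeout 1s;
#        # proxy_read_timeout 600;
#        # proxy_send_timeout 600;
#        proxy_buffer_size 128k;
#        proxy_buffers 4 256k;
#        proxy_busy_buffers_size 256k;
#        location / {
#            proxy_next_upstream error timeout invalid_header http_500 http_503 http_404 http_502 http_504;
#            proxy_pass http://192.168.14.11:80;
#            proxy_set_header Host $host;
#            proxy_set_header X-Real-IP $remote_addr;
#            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
#        }
#
#    }

    #443-8080
    server {
        # "listen ... ssl" already enables TLS. The separate "ssl on;" directive
        # was dropped: it has been deprecated since nginx 1.15.0 and later
        # releases reject it, which would stop an unpinned image from starting.
        listen       443 ssl;
        # Both names were given in two server_name directives; merged into one.
        server_name  www.maotai.com web-https;
        ssl_certificate     /data/domain.crt;
        ssl_certificate_key /data/domain.key;
        # Refuse TLS 1.0/1.1. (The TLSv1.3 parameter needs nginx 1.13.0 or
        # newer; drop it on older builds.)
        ssl_protocols       TLSv1.2 TLSv1.3;
        # Once a CA-issued certificate replaces the self-signed one, consider
        # adding a Strict-Transport-Security header here.

        proxy_connect_timeout 1s;
        # proxy_read_timeout 600;
        # proxy_send_timeout 600;
        proxy_buffer_size 128k;
        proxy_buffers 4 256k;
        proxy_busy_buffers_size 256k;
        location / {
            proxy_next_upstream error timeout invalid_header http_500 http_503 http_404 http_502 http_504;
            # TLS ends at this proxy; the hop to the backend is plain HTTP, so
            # the network between the two hosts has to be trusted.
            proxy_pass http://192.168.14.11:8080;
            proxy_set_header Host $host;
            # X-Real-IP is set from the TCP peer and is the trustworthy value.
            # X-Forwarded-For appends to whatever the client sent, so the
            # backend must not trust its left-most entries.
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            # Tell the backend the original request was HTTPS so it can build
            # https:// links and set Secure cookies.
            proxy_set_header X-Forwarded-Proto $scheme;
        }
    }
}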

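# TCP pass-through for port 80: connections are relayed to the backend nginx,
# which decides whether to redirect to HTTPS.
stream {
    # The format must be quoted as one string: nginx concatenates separate
    # unquoted arguments with nothing between them, so the original produced
    # log lines with all fields run together.
    # $remote_addr and $upstream_addr are added because the backend only sees
    # this proxy's address on relayed connections; this log is the one place
    # the real client address for port-80 traffic is recorded.
    log_format log_stream '$remote_addr [$time_local] $protocol $status '
                          '$bytes_sent $bytes_received $session_time $upstream_addr';
    # NOTE(review): this is the same file the http context logs to by default
    # in the stock image, so two formats end up mixed in one log; consider a
    # dedicated file if the logs are parsed automatically.
    access_log /var/log/nginx/access.log log_stream;
    error_log  /var/log/nginx/error.log;

    server {
        listen                  80;
        proxy_timeout           600s;
        # Plain TCP relay: no headers are added, so the backend's $remote_addr
        # (and any X-Real-IP it derives from it) is this host, not the client.
        # PROXY protocol can carry the client address, but only if both sides
        # are configured for it.
        proxy_pass              192.168.14.11:80;
    }
}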

nginx配置

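# Backend nginx (in front of the application on 127.0.0.1:8080).
# It receives port-80 traffic relayed by the load balancer and redirects it
# to HTTPS, except for a short list of paths that stay on HTTP.
worker_processes  1;
events {
    worker_connections  1024;
}
http {
    include       mime.types;
    default_type  application/octet-stream;
    sendfile        on;
    keepalive_timeout  65;
    # Do not disclose the nginx version in the Server header and error pages.
    server_tokens   off;

    server {
        listen       80;
        server_name  www.maotai.com;
        proxy_connect_timeout 1s;
        # proxy_read_timeout 600;
        # proxy_send_timeout 600;
        proxy_buffer_size 128k;
        proxy_buffers 4 256k;
        proxy_busy_buffers_size 256k;
        location / {
            proxy_next_upstream error timeout invalid_header http_500 http_503 http_404 http_502 http_504;
            proxy_pass http://127.0.0.1:8080;
            proxy_set_header Host $host;
            # NOTE(review): port 80 reaches this server through the load
            # balancer's TCP relay, so $remote_addr here is the balancer, not
            # the end user; do not use these headers for access decisions.
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
        # Redirect everything to HTTPS except the listed path prefixes.
        # The pattern is anchored at the start of the URI: $request_uri also
        # contains the query string, and the original unanchored pattern
        # exempted any request that merely contained one of these strings
        # anywhere, which let a request skip the HTTPS redirect.
        # Assumes the exempt paths begin at the site root; verify against the
        # application's real URLs.
        # Requests to the exempt paths are still served over plain HTTP, so
        # nothing sensitive (session cookies, credentials) should ride on them.
        if ($request_uri !~ "^/(wechat|supervisor|front/account/inviteSpread|front/thirdParty/thirdPartyAction/netLoanHome)") {
            # return sends the URI back exactly as the client sent it instead
            # of rebuilding it from a regex capture.
            return 301 https://www.maotai.com$request_uri;
        }
    }

    server {
        listen  80;
        server_name maotai.com;
        # Bare domain -> www over HTTP; the www server above then applies the
        # HTTPS redirect, so the exempt paths keep working on HTTP.
        return 301 http://www.maotai.com$request_uri;
    }
}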


原文地址:https://www.cnblogs.com/iiiiher/p/8573474.html
