实现用户访问maotai.com,直接重定向到https://www.maotai.com
1. maotai.com -> www.maotai.com
2. http://www.maotai.com -> https://www.maotai.com
nginx-lb
- nginx-lb证书生成
用户--nginx(证书)--nginx--tomcat
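# Create the directory that holds the TLS material. -p keeps the step re-runnable,
# and && stops the key from being written somewhere else if the cd fails.
mkdir -p /data/ && cd /data/
# Self-signed certificate for www.maotai.com, valid for 3650 days. -nodes leaves the
# private key unencrypted on disk so nginx can start unattended, which makes file
# permissions the only protection for domain.key.
# NOTE(review): the subject carries only a CN; current browsers match on
# subjectAltName, so confirm whether clients of this setup need a SAN entry.
openssl req -x509 -days 3650 -nodes -newkey rsa:2048 -keyout domain.key -out domain.crt -subj "/CN=www.maotai.com"
# Restrict the private key to its owner; the certificate itself is public.
chmod 600 domain.key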
- 启动nginx-lb
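# Run the load balancer from the stock nginx image on the host network, so the
# listeners defined in nginx.conf (80 and 443) bind directly on the host.
# The config and /data (certificate and private key) are mounted read-only: nginx
# only reads them, and a writable mount would let a process inside the container
# alter the key material on the host.
# NOTE(review): the image is referenced without a tag; pinning a tag or digest
# keeps a re-created container from picking up a different nginx build.
docker run -d --net=host --restart=always \
  -v /etc/nginx/nginx.conf:/etc/nginx/nginx.conf:ro \
  -v /etc/localtime:/etc/localtime:ro \
  -v /data:/data:ro \
  --name nginx nginx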
# Load-balancer nginx.conf: process-level settings.
worker_processes      auto;
worker_rlimit_nofile  65535;    # open-file limit per worker; sized above worker_connections
# pid logs/nginx.pid;

events {
    worker_connections  51200;
    use                 epoll;
}
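# HTTP layer of the load balancer: terminates TLS on 443 and proxies to the
# application on 192.168.14.11:8080. Port 80 is handled by the stream block.
http {
    include       mime.types;
    default_type  application/octet-stream;

    # Access-log format; records the negotiated TLS protocol and cipher alongside
    # the upstream address and timings, which helps when auditing weak clients.
    log_format main '$remote_addr $remote_user [$time_local] "$request" $http_host '
                    '$status $upstream_status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" $ssl_protocol $ssl_cipher $upstream_addr '
                    '$request_time $upstream_response_time';

    server_name_in_redirect     off;
    client_max_body_size        80m;
    client_header_buffer_size   16k;
    large_client_header_buffers 4 16k;

    sendfile          on;
    tcp_nopush        on;
    keepalive_timeout 65;

    # Do not advertise the nginx version in the Server header or on error pages.
    server_tokens off;

    # NOTE(review): compression also applies to responses served over TLS; if
    # pages reflect request data next to secrets, review this against
    # compression side-channel (BREACH) guidance.
    gzip              on;
    gzip_min_length   1k;
    gzip_buffers      4 16k;
    gzip_proxied      any;
    gzip_http_version 1.1;
    gzip_comp_level   3;
    gzip_types        text/plain application/x-javascript text/css application/xml;
    gzip_vary         on;

    # 80-80
    # server {
    #     listen 80;
    #     server_name www.maotai.com;
    #     proxy_connect_timeout 1s;
    #     # proxy_read_timeout 600;
    #     # proxy_send_timeout 600;
    #     proxy_buffer_size 128k;
    #     proxy_buffers 4 256k;
    #     proxy_busy_buffers_size 256k;
    #     location / {
    #         proxy_next_upstream error timeout invalid_header http_500 http_503 http_404 http_502 http_504;
    #         proxy_pass http://192.168.14.11:80;
    #         proxy_set_header Host $host;
    #         proxy_set_header X-Real-IP $remote_addr;
    #         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    #     }
    #
    # }

    # 443-8080
    server {
        # TLS is enabled by the "ssl" parameter of listen. The separate "ssl on;"
        # directive is obsolete and rejected by recent nginx releases, which the
        # untagged image may resolve to.
        listen      443 ssl;
        # Both names from the original config, merged into one directive.
        server_name www.maotai.com web-https;

        ssl_certificate     /data/domain.crt;
        ssl_certificate_key /data/domain.key;
        # Pin the protocol floor explicitly instead of relying on build defaults.
        ssl_protocols       TLSv1.2 TLSv1.3;

        proxy_connect_timeout   1s;
        # proxy_read_timeout 600;
        # proxy_send_timeout 600;
        proxy_buffer_size       128k;
        proxy_buffers           4 256k;
        proxy_busy_buffers_size 256k;

        location / {
            proxy_next_upstream error timeout invalid_header http_500 http_503 http_404 http_502 http_504;
            # TLS ends here; the hop to the backend is plain HTTP.
            proxy_pass http://192.168.14.11:8080;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            # Tell the application the client connection was HTTPS, so it can
            # build https links and set Secure cookies.
            proxy_set_header X-Forwarded-Proto $scheme;
        }
    }
}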
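# TCP pass-through for port 80: connections are relayed unmodified to
# 192.168.14.11:80, so the HTTP-to-HTTPS redirect is decided on that host.
stream {
    # The format is quoted so the fields stay space-separated; unquoted, nginx
    # concatenates the arguments with nothing between them. $remote_addr is added
    # because a connection log without the client address cannot be used to trace
    # a source.
    log_format log_stream '$remote_addr [$time_local] $protocol $status '
                          '$bytes_sent $bytes_received $session_time';
    access_log /var/log/nginx/access.log log_stream;
    error_log  /var/log/nginx/error.log;

    server {
        listen        80;
        proxy_timeout 600s;
        # NOTE(review): as a plain TCP relay, the backend sees this host as the
        # peer address; confirm whether it needs the real client IP.
        proxy_pass    192.168.14.11:80;
    }
}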
nginx配置
# Backend nginx.conf: a single worker process.
worker_processes  1;

events {
    worker_connections  1024;
}
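# Backend nginx: redirects plain-HTTP requests to https://www.maotai.com, except
# for a short list of paths that are proxied to the local application on 8080.
http {
    include       mime.types;
    default_type  application/octet-stream;

    sendfile          on;
    keepalive_timeout 65;

    # Do not advertise the nginx version in the Server header or on error pages.
    server_tokens off;

    server {
        listen      80;
        server_name www.maotai.com;

        proxy_connect_timeout   1s;
        # proxy_read_timeout 600;
        # proxy_send_timeout 600;
        proxy_buffer_size       128k;
        proxy_buffers           4 256k;
        proxy_busy_buffers_size 256k;

        location / {
            proxy_next_upstream error timeout invalid_header http_500 http_503 http_404 http_502 http_504;
            proxy_pass http://127.0.0.1:8080;
            proxy_set_header Host $host;
            # NOTE(review): if port 80 arrives through the load balancer's TCP
            # stream proxy, $remote_addr is presumably that proxy's address, not
            # the client's; confirm before relying on these headers.
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }

        # Everything except the listed path prefixes is sent to HTTPS.
        # $request_uri includes the query string, so the pattern is anchored with ^;
        # unanchored, any URL containing one of these strings (for example in a
        # query parameter) would skip the redirect and stay on plain HTTP.
        if ($request_uri !~ "^(/wechat|/supervisor|/front/account/inviteSpread|/front/thirdParty/thirdPartyAction/netLoanHome)") {
            rewrite ^/(.*) https://www.maotai.com/$1 permanent;
        }
    }

    # Bare domain: first hop to the www host over HTTP; the server block above
    # then decides whether to upgrade to HTTPS.
    server {
        listen      80;
        server_name maotai.com;
        rewrite ^/(.*) http://www.maotai.com/$1 permanent;
    }
}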