标签:prot server pre _for 文件 tls 静态资源 ESS 支付
将本地文件系统中(/var/web/portal目录下)的资源映射到http://www.xxx.com
。
server {
listen 80;
server_name www.xxx.com;
location / {
root /var/web/portal;
index index.html;
}
}
将内网资源(http://localhost:8080/
)映射到http://api.xxx.com
。
server {
listen 80;
server_name api.xxx.com;
server_name_in_redirect off;
proxy_set_header Host $host:$server_port;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header REMOTE-HOST $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
location / {
proxy_pass http://localhost:8080/;
}
}
将内网资源(http://localhost:8080/
)映射到https://api.xxx.com
。这里需要将申请好的ssl证书放到/etc/nginx/tls/
目录下,当然,也可以改成别的目录。
server {
listen 443;
server_name api.xxx.com;
ssl on;
ssl_certificate /etc/nginx/tls/xxx.pem;
ssl_certificate_key /etc/nginx/tls/xxx.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
server_name_in_redirect off;
proxy_set_header Host $host:$server_port;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header REMOTE-HOST $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
location / {
proxy_pass http://localhost:8080/;
}
}
有时,网站需要配置一个txt的验证文件,比如在绑定小程序的业务域名时、或设置第三方支付回调域名时。可将txt文件放在指定目录(/xxx/xxx
),使用下面配置。
server {
listen 443;
server_name api.xxx.com;
ssl on;
ssl_certificate /etc/nginx/ssl/xxx.pem;
ssl_certificate_key /etc/nginx/ssl/xxx.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
server_name_in_redirect off;
proxy_set_header Host $host:$server_port;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header REMOTE-HOST $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
location /cdc4MZITW5.txt {
alias /xxx/xxx;
index cdc4MZITW5.txt;
}
location / {
proxy_pass http://localhost:8080/;
}
}
标签:prot server pre _for 文件 tls 静态资源 ESS 支付
原文地址:https://www.cnblogs.com/guopanbo/p/11961393.html