nginx reverse proxy: configuring https so that http and https coexist (tested, supports location rules)

bass6 2016-12-17 15:59

 

server {
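        listen 443 ssl;  # listen on port 443
        server_name www.app01.com;
        ssl on;                # enable SSL encryption (obsolete since nginx 1.15.0; the ssl flag on listen replaces it)
        ssl_certificate /etc/cert/xip.io.crt;                 # server certificate (crt file)
        ssl_certificate_key /etc/cert/xip.io.key;       # server private key (key file)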
        ssl_session_cache shared:SSL:1m;
        ssl_session_timeout 5m;
        ssl_ciphers HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers on;
        location / {
                proxy_pass http://192.168.1.109:8010/;
         }
 }
server {

        listen 443 ssl;
        server_name www.app02.com;
        ssl on;
        ssl_certificate /etc/cert/xip.io.crt;
        ssl_certificate_key /etc/cert/xip.io.key;
        ssl_session_cache shared:SSL:1m;
        ssl_session_timeout 5m;
        ssl_ciphers HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers on;
        location / {
                proxy_pass http://192.168.1.116:8020/;
         }
 }

A backend app that goes down is removed from the pool and is added back automatically once it recovers:

upstream app_pools {
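        # session_sticky and check are not part of stock nginx; both ship with Tengine
        # (check is also available as nginx_upstream_check_module)
        session_sticky;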
        server 192.168.1.109:8010 weight=1;
        server 192.168.1.116:8020 weight=1;
        check interval=3000 rise=2 fall=4 timeout=2000;
 }
server {
        listen 443 ssl;
        server_name www.app01.com;
        ssl on;
        ssl_certificate /etc/cert/xip.io.crt;
        ssl_certificate_key /etc/cert/xip.io.key;
        ssl_session_cache shared:SSL:1m;
        ssl_session_timeout 5m;
        ssl_ciphers HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers on;
        location / {
                proxy_pass http://app_pools;
                proxy_set_header Host            $host;
                proxy_set_header X-Real-IP       $remote_addr;
                #proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

         }
 }

Configuration that serves both http and https:

server {
        listen 80;
        listen 443;
        server_name www.app01.com;
        ssl on;
        ssl_certificate /etc/cert/xip.io.crt;
        ssl_certificate_key /etc/cert/xip.io.key;
        ssl_session_cache shared:SSL:1m;
        ssl_session_timeout 5m;
        ssl_ciphers HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers on;
        location / {
                proxy_pass http://10.100.0.195:8010/;
         }
 }

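If the main configuration file does not listen on port 80, the virtual host configuration file should look like the following: comment out "ssl on;" and add "ssl" after "listen 443".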

[root@ha01 conf]# cat hosts.conf
upstream app01_pools { 
    session_sticky;
    server 10.100.0.195:8010 weight=1;
    #server 192.168.1.116:8020 weight=1;
    check interval=3000 rise=2 fall=4 timeout=2000;
 }
upstream app02_pools { 
    session_sticky;
    server 10.100.0.192:8020 weight=1;
    check interval=3000 rise=2 fall=4 timeout=2000;
 }
server { 
    listen 80;
    listen 443 ssl;
    server_name www.app01.com apps01.com;
    #ssl on;
    ssl_certificate /etc/cert/xip.io.crt;
    ssl_certificate_key /etc/cert/xip.io.key;
    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout 5m;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;
    location / { 
        proxy_pass http://app01_pools;
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP      $remote_addr;
        #proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

     }
 }
server { 
    listen 80;
    listen 443 ssl;
    server_name www.app02.com app02.com;
    #ssl on;
    ssl_certificate /etc/cert/xip.io.crt;
    ssl_certificate_key /etc/cert/xip.io.key;
    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout 5m;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;
    location / { 
        proxy_pass http://app02_pools;
        proxy_set_header Host         $host;
        proxy_set_header X-Real-IP    $remote_addr;
     }    
 }
[root@ha01 co

nginx configured for https has been tested and supports location rules.

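One more point: as soon as a single vhost in nginx opens port 80, the server as a whole is listening on port 80. When you then configure another vhost for https, it will still answer on port 80 even if you do not configure port 80 for it, because the server already has port 80 open.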
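The following is an added example, not part of the original post: one way to make the port 80 behaviour described in the last paragraph explicit, so that a name meant to be https-only is not silently answered by whichever vhost comes first on port 80. It assumes www.app02.com should be https-only and reuses the upstream names and certificate paths from hosts.conf above; the 444 catch-all and the 301 redirect are assumptions, not the author's setup.

```nginx
# Added example, not from the original post. Assumes www.app02.com must be
# https-only; app01_pools / app02_pools are the upstreams from hosts.conf.

# 1. Explicit catch-all for port 80. Without it, a plain-http request for a
#    name that no port-80 server block claims is handled by the first
#    server block defined on that port.
server {
    listen 80 default_server;
    server_name _;
    return 444;                      # nginx-specific: close without a reply
}

# 2. www.app01.com keeps serving both schemes, as in the post.
server {
    listen 80;
    listen 443 ssl;
    server_name www.app01.com;
    ssl_certificate     /etc/cert/xip.io.crt;
    ssl_certificate_key /etc/cert/xip.io.key;
    location / {
        proxy_pass http://app01_pools;
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;   # backend sees http or https
    }
}

# 3. www.app02.com: port 80 only redirects, content is served on 443.
server {
    listen 80;
    server_name www.app02.com;
    return 301 https://$host$request_uri;
}
server {
    listen 443 ssl;
    server_name www.app02.com;
    ssl_certificate     /etc/cert/xip.io.crt;
    ssl_certificate_key /etc/cert/xip.io.key;
    location / {
        proxy_pass http://app02_pools;
        proxy_set_header Host              $host;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

Run nginx -t to validate the configuration before reloading.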
