Nginx 配置之HTTPS和WSS那些你不知道的事!

Nginx主配置文件

user www www;
worker_processes auto;
pid /usr/local/nginx/logs/nginx.pid;
error_log /www/wwwlogs/nginx_error.log crit;
worker_rlimit_nofile 51200;

events
{
use epoll;
worker_connections 51200;
multi_accept on;
}

http
{
include mime.types;
#include proxy.conf;
#include luawaf.conf;

log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';

default_type application/octet-stream;

server_names_hash_bucket_size 512;
client_header_buffer_size 32k;
large_client_header_buffers 4 32k;
client_max_body_size 50m;

sendfile on;
tcp_nopush on;

keepalive_timeout 60;

tcp_nodelay on;

fastcgi_connect_timeout 300;
fastcgi_send_timeout 300;
fastcgi_read_timeout 300;
fastcgi_buffer_size 64k;
fastcgi_buffers 4 64k;
fastcgi_busy_buffers_size 128k;
fastcgi_temp_file_write_size 256k;
fastcgi_intercept_errors on;

gzip on;
gzip_min_length 1k;
gzip_buffers 4 16k;
gzip_http_version 1.1;
gzip_comp_level 2;
gzip_types text/plain application/javascript application/x-javascript text/javascript text/css application/xml;
gzip_vary on;
gzip_proxied expired no-cache no-store private auth;
gzip_disable "MSIE [1-6].";

limit_conn_zone $binary_remote_addr zone=perip:10m;
limit_conn_zone $server_name zone=perserver:10m;

server_tokens off;
access_log on;

include /usr/local/nginx/conf/vhost/*.conf;
}

Vhost独立 配置篇

server {
listen 443 ssl;#默认https和wss协议端口
server_name gagaxi.com;
root /www/wwwroot/Leliao;
index index.html index.htm;
access_log /www/wwwroot/lelian.access.log main;

#ssl on;
ssl_certificate /usr/local/nginx/conf/vhost/ssl/leyuht.com_chain.crt;#你的上传到服务器的证书位置
ssl_certificate_key /usr/local/nginx/conf/vhost/ssl/leyuht.com_key.key;#你的上传到服务器的证书位置
ssl_session_timeout 5m;
ssl_session_cache shared:SSL:50m;
ssl_protocols SSLv3 SSLv2 TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
underscores_in_headers on;#开启自定义头信息的下划线

location /api {
proxy_pass http://127.0.0.1:9004/;
}

location / {
try_files $uri $uri/ /index.html;
}

#wss协议转发 小程序里面要访问的链接
location /wss {
proxy_pass http://gagaxi.com:9001/ws;#代理到上面的地址去
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
}
#https协议转发 小程序里面要访问的链接
#location / {
# proxy_pass http://web;#代理到原有的http的地址去
# proxy_set_header X-Real-IP $remote_addr;
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# add_header Access-Control-Allow-Origin *;#跨域访问设置
#}
error_page 500 502 503 504 /500.html;
client_max_body_size 20M;
keepalive_timeout 10;