zoukankan html css js c++ java

nginx 配置强制访问https

使用nginx的301状态码


server {
    listen 80;

    if ($scheme = 'http') {
    return 301 https://$server_name$request_uri;
    }
#   下面是一种旧的写法
#   if ( $scheme = 'http' ){rewrite ^(.*)$  https://$host$1 permanent;}

    listen 443 ssl http2;
    server_name xxx.com;
    ssl_certificate    /usr/local/nginx/ssl/xxx.com.crt;
    ssl_certificate_key    /usr/local/nginx/ssl/xxx.com.key;
    ssl_trusted_certificate    /usr/local/nginx/ssl/xxx.com.crt;

    # SSL
    ssl_session_timeout 1d;
    ssl_session_cache shared:SSL:10m;
    ssl_session_tickets off;

    # Mozilla Intermediate configuration
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;

    # OCSP Stapling
    ssl_stapling on;
    ssl_stapling_verify on;
    resolver 1.1.1.1 1.0.0.1 8.8.8.8 8.8.4.4 208.67.222.222 208.67.220.220 valid=60s;
    resolver_timeout 2s;

    # reverse proxy
    location / {
        proxy_pass http://127.0.0.1:3000;
        proxy_http_version  1.1;
        proxy_cache_bypass  $http_upgrade;

        proxy_set_header Upgrade            $http_upgrade;
        proxy_set_header Connection         "upgrade";
        proxy_set_header Host               $host;
        proxy_set_header X-Real-IP          $remote_addr;
        proxy_set_header X-Forwarded-For    $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto  $scheme;
        proxy_set_header X-Forwarded-Host   $host;
        proxy_set_header X-Forwarded-Port   $server_port;
    }

    # favicon.ico
    location = /favicon.ico {
        log_not_found off;
        access_log off;
    }

    # robots.txt
    location = /robots.txt {
        log_not_found off;
        access_log off;
    }

    # assets, media
    location ~* .(?:css(.map)?|js(.map)?|jpe?g|png|gif|ico|cur|heic|webp|tiff?|mp3|m4a|aac|ogg|midi?|wav|mp4|mov|webm|mpe?g|avi|ogv|flv|wmv)$ {
        expires 7d;
        access_log off;
    }

    # svg, fonts
    location ~* .(?:svgz?|ttf|ttc|otf|eot|woff2?)$ {
        add_header Access-Control-Allow-Origin "*";
        expires 7d;
        access_log off;
    }

    # gzip
    gzip on;
    gzip_vary on;
    gzip_proxied any;
    gzip_comp_level 6;
    gzip_types text/plain text/css text/xml application/json application/javascript application/rss+xml application/atom+xml image/svg+xml;

}

查看全文

相关阅读:
06 is和==的区别 encode()编码 decode()解码
 05 dic的增删改查字典的嵌套考试题dic.get()的相关使用
 03 编码 int ,bool,str的常用操作主要讲str
01 基本数据类型变量 if语句
 04 列表的增删改查常用方法元祖 range
02 while循环格式化输出运算符
 多校2 Harmonious Army hdu6598 网络流
 P3159 [CQOI2012]交换棋子网络流
 P2172 [国家集训队]部落战争最大流
 P2402 奶牛隐藏网络流

原文地址：https://www.cnblogs.com/faberbeta/p/nginx011.html

nginx 配置 强制访问https

nginx 配置强制访问https