nginx 配置 HTTPS 及http 强制跳转https.

#user nobody;

worker_processes 1;

#error_log logs/error.log;

#error_log logs/error.log notice;

#error_log logs/error.log info;

events {

worker_connections 1024;

}

http {

include mime.types;

default_type application/octet-stream;

#log_format main '$remote_addr - $remote_user [$time_local] "$request" '

# '$status $body_bytes_sent "$http_referer" '

# '"$http_user_agent" "$http_x_forwarded_for"';

#access_log logs/access.log main;

sendfile on;

#tcp_nopush on;

#keepalive_timeout 0;

keepalive_timeout 65;

#gzip on;

map $http_upgrade $connection_upgrade {

default upgrade;

'' close;

}

 

upstream websocket {

server 192.168.9.201:8667;

}

server {

listen 80;

server_name 192.168.9.201;

rewrite ^(.*) https://$server_name$1 permanent; #强制http 跳转到https地址

#charset koi8-r;

#access_log logs/host.access.log main;

location / {

        index index.html;

    root /opt/nginx-web/iphm/;

            autoindex on;

        #rewrite ^(.*)$ https://$host$1 permanent;

}

#error_page 404 /404.html;

# redirect server error pages to the static page /50x.html

#

error_page 500 502 503 504 /50x.html;

location /config {

         index index.html;

root /opt/nginx-web/config/;

autoindex on;

}

 

     location ^~ /websocket/alarm {

     proxy_pass http://websocket;

proxy_http_version 1.1;

proxy_set_header Upgrade $http_upgrade;

proxy_set_header Connection $connection_upgrade;

}       

}

# another virtual host using mix of IP-, name-, and port-based configuration

#

    server {

listen 8888;

        server_name 192.168.9.201;

rewrite ^(.*) https://$server_name:888$1 permanent;

location / {

         index index.html;

root /opt/nginx-web/config/;

autoindex on;

}

}

server {

listen 8889;

        server_name localhost;

location / {

         index index.html;

root /opt/nginx-web/diagnostic/;

autoindex on;

}

}

#HTTPS server

 

    server {

        listen 3001;

        server_name localhost;

        location / {

            #index index.html;

            #root /opt/nginx-web/iphm/;

            proxy_pass http://192.168.9.10:8102;

        }

    }

    # HTTPS server

#

server {

listen 443 ssl;

server_name 192.168.9.201;

ssl on;

ssl_certificate /usr/local/webserver/nginx/keys/server.crt;

ssl_certificate_key /usr/local/webserver/nginx/keys/server.key;

ssl_protocols SSLv2 SSLv3 TLSv1;

ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;

ssl_prefer_server_ciphers on;

# location /saml {

# proxy_pass http://192.168.70.34:8104;

# }

# location /sso {

# proxy_pass http://192.168.70.34:8104;

# }

location / {

root /opt/nginx-web/iphm;

index index.html;

autoindex on;

}

location /grafana {

rewrite ^(/grafana)(.*)$ $2 break;

proxy_pass http://192.168.9.201:3000;

}

location /zuul {

rewrite ^(/zuul)(.*)$ $2 break;

proxy_pass http://192.168.9.10:8102;

proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

}

location ^~ /websocket/alarm {

     proxy_pass http://websocket;

proxy_http_version 1.1;

proxy_set_header Upgrade $http_upgrade;

proxy_set_header Connection $connection_upgrade;

}

        error_log logs/error_8889.log error;

}

server {

listen 888 ssl;

server_name 192.168.9.201;

ssl on;

ssl_certificate /usr/local/webserver/nginx/keys/server.crt;

ssl_certificate_key /usr/local/webserver/nginx/keys/server.key;

ssl_protocols SSLv2 SSLv3 TLSv1;

ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;

ssl_prefer_server_ciphers on;

# location /saml {

# proxy_pass http://192.168.70.34:8104;

# }

# location /sso {

# proxy_pass http://192.168.70.34:8104;

# }

location / {

root /opt/nginx-web/config;

index index.html;

autoindex on;

}

        error_log logs/error_888.log error;

}

server {

listen 300 ssl;

server_name 192.168.9.201;

ssl on;

ssl_certificate /usr/local/webserver/nginx/keys/server.crt;

ssl_certificate_key /usr/local/webserver/nginx/keys/server.key;

ssl_protocols SSLv2 SSLv3 TLSv1;

ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;

ssl_prefer_server_ciphers on;

# location /saml {

# proxy_pass http://192.168.70.34:8104;

# }

# location /sso {

# proxy_pass http://192.168.70.34:8104;

# }

location / {

proxy_pass http://192.168.9.201:3000$request_uri;

}

location ^~/pubilc/ {

proxy_pass http://192.168.9.201:3000$request_uri;

}

        error_log logs/error_300.log error;

}

}