zoukankan      html  css  js  c++  java
  • 记录一个nginx的proxy_pass

    server {
    	listen 80;
    	server_name www.hw801.com;
    	server_name_in_redirect off;
    	access_log  /home/logs/nginx/www.hw801.com/access_log main;
            error_log  /home/logs/nginx/www.hw801.com/error_log;
    	log_not_found on;
    
    	location / {
    		proxy_read_timeout      300;
    		proxy_connect_timeout   300;
    		proxy_redirect          off;
    		proxy_http_version 1.1;
    		proxy_pass				http://10.10.10.12;
    		proxy_set_header    Host                $host;
    		proxy_set_header    X-Real-IP           $remote_addr;
    		proxy_set_header    X-Forwarded-Ssl     on;
    		proxy_set_header    X-Forwarded-For     $proxy_add_x_forwarded_for;
    	}
    }
    
    server {
    	listen 443 ssl;
            server_name www.hw801.com;
    	server_name_in_redirect off;
    	#ssl			on;
    	ssl_certificate		certs/hw801.com.crt;
    	ssl_certificate_key	certs/hw801.com.key;
    	ssl_protocols		TLSv1 TLSv1.1 TLSv1.2;
    	ssl_ciphers		"ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RS
    A-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DE
    S-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
    	#ssl_prefer_server_ciphers	on;
    	ssl_session_cache		shared:SSL:10m;
    	ssl_session_timeout		10m;
            access_log  /home/logs/nginx/www.hw801.com/access443_log main;
            error_log  /home/logs/nginx/www.hw801.com/error443_log;
    	log_not_found on;
    	location / {
    		proxy_read_timeout      300;
    		proxy_connect_timeout   300;
    		proxy_redirect          off;
    		proxy_http_version 1.1;
    		proxy_pass				http://10.10.10.12;
    		proxy_set_header    Host                $host;
    		proxy_set_header    X-Real-IP           $remote_addr;
    		proxy_set_header    X-Forwarded-Ssl     on;
    		proxy_set_header    X-Forwarded-For     $proxy_add_x_forwarded_for;
    		proxy_set_header    X-Forwarded-Proto   https;
    		proxy_set_header    X-Forwarded-Port    443;
    	}
    }     
    

    可增加80强制443

    	if ($scheme != https) {
    		rewrite ^(.+)$ https://$host$1 permanent;
    	}
    

      

  • 相关阅读:
    12月上旬的一些记录
    11月底的记录
    备考 19号
    在android 中开发java.net.SocketException: socket failed: EACCES (Permission denied) 报错
    使用JAVA NIO实现的UDP client和server
    ANSI X9.8标准 PIN xor PAN获取PIN BlOCK
    直接拿来用!最火的iOS开源项目(一)
    Anroid ListView分组和悬浮Header实现
    Android 联网监控抓包工具的制作(tcpdump的使用)
    Android tcpdump抓包应用实现
  • 原文地址:https://www.cnblogs.com/xzlive/p/9372835.html
Copyright © 2011-2022 走看看