nginx对tomact端口负载均衡转发配置SSL证书
upstream www.gworg.com {
server 127.0.0.1:8080;
server 127.0.0.1:8021;
}
server {
listen 80;
server_name www.gworg.com;
accessess_log /data/logs/nginx/scm_access.log;
error_log /data/logs/nginx/error.log;
location / {
proxy_pass http://www.gworg.com;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
server {
listen 443;
server_name www.gworg.com;
ssl on;
ssl_certificate /usr/local/ssl/ssl.crt;
ssl_certificate_key /usr/local/ssl/ssl.key;
location / {
proxy_pass http://www.gworg.com;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}配置方法二参考
upstream adminsvr {
server 127.0.0.1:8013;
server 127.0.0.1:8014 down;
}
server
{
listen 80;
server_name 127.0.0.1;
#自动跳转到HTTPS (可选)
if ($server_port = 80) {
rewrite ^(.*)$ https://$host$1 permanent;
}
#自动跳转到HTTPS结束
location /
{
proxy_pass http://127.0.0.1:8013;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
# Settings for a TLS enabled server.
#
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name 127.0.0.1;
ssl_certificate "/usr/local/nginx/conf/cert.crt";
ssl_certificate_key "/usr/local/nginx/conf/cert.key";
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 10m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location /{
proxy_pass http://127.0.0.1:8013;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
}- 上一篇: 忘记宝塔面板修改密码方法
- 下一篇: apahce重启命令
- 数字证书 (DocSign证书)
- 代码签名证书
- S/MIME邮件证书
- PDF/Office文档签名证书
- 解决方案 (Solution)
- SSLCloud证书云监控
- MPKI SSL证书管理
- HTTPS全站加密
- 加密无处不在方案
- SSL证书安全评估
- HSTS防劫持
Copyright © 1998 - Gworg, Inc. All Rights Reserved. 江苏光网数字认证有限公司版权所有
苏ICP备15058404号 苏公网安备32058202010008号
