未开启SSL证书
upstream tornadoes{ server 127.0.0.1:8000; server 127.0.0.1:8001; server 127.0.0.1:8002; } proxy_next_upstream error; server { listen 80; # 一般是 80 #ssl on; server_name gworg.com www.gworg.com; #ssl_certificate /etc/nginx/ssl/gworg.com.crt; #私钥文件名称 #ssl_certificate_key /etc/nginx/ssl/gworg.com.key; location /{ proxy_pass_header Server; proxy_set_header Host $http_host; proxy_redirect off; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Scheme $scheme; # 把请求方向代理传给tornado服务器,负载均衡 proxy_pass http://tornadoes; } }
开启SSL证书
upstream tornadoes{ server 127.0.0.1:8000; server 127.0.0.1:8001; server 127.0.0.1:8002; } proxy_next_upstream error; server{ #监听443端口 listen 443; #对应的域名,把gworg.com改成你们自己的域名就可以了 server_name gworg.com; ssl on; #从Gworg获取到的第一个文件的全路径 ssl_certificate /etc/nginx/ssl/1_www.gworg.com_bundle.crt; #从Gworg获取到的第二个文件的全路径 ssl_certificate_key /etc/nginx/ssl/2_www.gworg.com.key; ssl_session_timeout 5m; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE; ssl_prefer_server_ciphers on; #这是我的主页访问地址,因为使用的是静态的html网页,所以直接使用location就可以完成了。 location / { proxy_pass_header Server; proxy_set_header Host $http_host; proxy_redirect off; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Scheme $scheme; # 把请求方向代理传给tornado服务器,负载均衡 proxy_pass http://tornadoes; } } server{ listen 80; server_name gworg.com; rewrite ^/(.*)$ https://gworg.com:443/$1 permanent; }