nginx + ssl(https)
8640 단어 nginx
#user nobody;
worker_processes 4;# , cpu
worker_cpu_affinity 00000001 00000010 00000011 00000101;
timer_resolution 100ms;
error_log logs/error.log error; # , notice 。 debug、info、warn、error、crit ,debug ,。
pid nginx.pid;
worker_rlimit_nofile 102400; # nginx ,
events {
use epoll;
worker_connections 1024000;#
}
http {
include mime.types;
default_type application/octet-stream;
#include proxy.conf; #
reset_timedout_connection on; # 。
recursive_error_pages on; #
limit_conn_zone $binary_remote_addr zone=dahongwa:10m; # zone no
limit_conn dahongwa 25;# , 503 no
limit_req_zone $binary_remote_addr zone=dahongwa2:10m rate=1r/s;
server_tokens off;
#add_header Cache-Control must-revalidate;
#add_header Cache-Control proxy-revalidate;
limit_conn_log_level error;
log_format main '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"';
log_format cache '***$time_local '
'$upstream_cache_status '
'Cache-Control: $upstream_http_cache_control '
'Expires: $upstream_http_expires '
'"$request" ($status) '
'"$http_user_agent" ';
client_max_body_size 30m; #
sendfile on; #
tcp_nopush on; #
charset utf-8;
keepalive_timeout 120; #
client_header_timeout 10; #
client_body_timeout 10; #
client_header_buffer_size 4k;
open_file_cache max=102400 inactive=20s;#max ,inactive 。
open_file_cache_valid 30s;#30
open_file_cache_min_uses 1;# 1
send_timeout 10; #
proxy_http_version "1.1";
proxy_cache_key $host$uri$is_args$args;
proxy_cache_valid 200 304 302 24h;
proxy_temp_file_write_size 10m;
proxy_temp_path /usr/local/nginx/nginx_cache/temp_dir;
proxy_cache_path /usr/local/nginx/nginx_cache/cache levels=1:2 keys_zone=cache_one:200m inactive=1d max_size=1g;
proxy_connect_timeout 300s;
proxy_send_timeout 900;
proxy_read_timeout 900;
proxy_buffer_size 32k;
proxy_buffers 8 128k;
proxy_busy_buffers_size 256k;
#proxy_redirect off;
#proxy_hide_header Vary;
proxy_set_header Accept-Encoding '';
proxy_set_header Host $host;
proxy_set_header Referer $http_referer;
proxy_set_header Cookie $http_cookie;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header REMOTE-HOST $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
#httpGzip modules
gzip on; # gzip
gzip_disable "MSIE [1-6].";# IE1-6
gzip_min_length 1k; #
gzip_buffers 8 48k; # 4 16K
gzip_http_version 1.1; # http , 1.1
gzip_comp_level 2; # gzip ,1-9 , , .
gzip_types text/plain application/x-javascript text/css text/javascript application/x-httpd-php ;#image/jpeg image/gif image/png;
#
upstream www.dahongwa.com{
ip_hash;
#server 192.168.0.11*:8081 weight=10 max_fails=4 fail_timeout=30s;
#server 192.168.0.11*:8082 weight=10 max_fails=4 fail_timeout=30s;
server 192.168.0.11*:8083 weight=10 max_fails=4 fail_timeout=30s;
#server 192.168.0.11*:8084 weight=10 max_fails=4 fail_timeout=30s;
}
#
upstream img.dahongwa.com{
server 192.168.0.12*:9019 weight=10 max_fails=4 fail_timeout=30s;
#server 192.168.0.12*:9019 weight=10 max_fails=4 fail_timeout=30s;
}
upstream https.dahongwa.com{
server 192.168.0.1*:8443 weight=10 max_fails=4 fail_timeout=30s;
#server 192.168.0.1*:8444 weight=10 max_fails=4 fail_timeout=30s;
}
### ip
#server{
#server_name _;
#return 404;
#access_log off;
#}
server {
listen 80;
server_name www.dahongwa.com dahongwa.com *.dahongwa.com ;
root www.dahongwa.com;
location /{
index index.html index.jsp index.htm;
proxy_redirect off;
proxy_pass http://www.dahongwa.com; #
}
location ~ .*\.(sh|bash)(.*){
rewrite ^/(.*) http://www.dahongwa.com;
}
location ~ /common/.*\.(gif|jpg|png|htm|jpeg|bmp|html|flv|ico|swf|doc)(.*) {
if ( -f $request_filename ) {
expires 10y;
}
proxy_cache cache_one;
proxy_cache_valid 200 304 302 24h;
proxy_cache_valid any 10m;
proxy_cache_key $host$uri$is_args$args;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_cache_use_stale error timeout invalid_header http_500 http_502 http_503 http_504 http_404;
proxy_cache_methods GET HEAD POST;
proxy_cache_min_uses 1;
expires max;
#access_log logs/static.img.dahongwa.com.log;
access_log off;
}
location ~ /purge(/.*) {
allow 10.244.1.170;
allow 10.1.7.114;
allow 10.1.7.115;
#deny all;
# proxy_cache_purge cache_one $host$uri$is_args$args;
}
#access_log logs/www.dahongwa.com.log;
access_log off;
}
server {
listen 80;
server_name img.dahongwa.com www.img.dahongwa.com *.img.dahongwa.com;
root www.dahongwa.com;
location /{
index index.html index.jsp index.htm;
proxy_cache cache_one;
proxy_cache_valid 200 304 302 24h;
proxy_cache_valid any 10m;
proxy_cache_key $host$uri$is_args$args;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_cache_use_stale error timeout invalid_header http_500 http_502 http_503 http_504 http_404;
proxy_cache_methods GET HEAD POST;
proxy_cache_min_uses 1;
expires 10y;
proxy_pass http://img.dahongwa.com; #
#access_log logs/photo.9019.dahongwa.com.log;
access_log off;
}
##
location ~ /photoserver/.*\.(gif|jpg|png|htm|jpeg|bmp|html|flv|ico|swf|doc)(.*) {
#root nginx_cache/cache;
if (!-f $request_filename) {
proxy_pass http://img.dahongwa.com; #
}
proxy_cache_use_stale error timeout invalid_header http_500 http_502 http_503 http_504 http_404;
proxy_cache_methods GET HEAD POST;
proxy_cache_min_uses 1;
expires max;
access_log logs/img.dahongwa.com.log;
}
}
server {
listen 443 ssl;
server_name https.dahongwa.com;
ssl on;
ssl_certificate /usr/local/nginx/conf/cert/1_www.dahongwa.com_bundle.crt;
ssl_certificate_key /usr/local/nginx/conf/cert/2_www.dahongwa.com.key;
ssl_session_timeout 10m;
ssl_session_cache shared:SSL:10m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+EXP;
ssl_prefer_server_ciphers on;
keepalive_timeout 70;
location / {
proxy_pass https://https.dahongwa.com;
proxy_set_header Host $host:443;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Via "nginx";
}
}
}
이 내용에 흥미가 있습니까?
현재 기사가 여러분의 문제를 해결하지 못하는 경우 AI 엔진은 머신러닝 분석(스마트 모델이 방금 만들어져 부정확한 경우가 있을 수 있음)을 통해 가장 유사한 기사를 추천합니다:
간단! Certbot을 사용하여 웹 사이트를 SSL(HTTPS)화하는 방법초보자가 인프라 주위를 정돈하는 것은 매우 어렵습니다. 이번은 사이트를 간단하게 SSL화(HTTP에서 HTTPS통신)로 변경하는 방법을 소개합니다! 이번에는 소프트웨어 시스템 Nginx CentOS7 의 환경에서 S...
텍스트를 자유롭게 공유하거나 복사할 수 있습니다.하지만 이 문서의 URL은 참조 URL로 남겨 두십시오.
CC BY-SA 2.5, CC BY-SA 3.0 및 CC BY-SA 4.0에 따라 라이센스가 부여됩니다.