nginx配置及HTTPS配置示例

时间:2023-03-09 15:48:24
nginx配置及HTTPS配置示例

一、nginx简单配置示例

user  www www;

worker_processes ;

#error_log  logs/error.log;

#error_log  logs/error.log  notice;

#error_log  logs/error.log  info;

#pid        logs/nginx.pid;

#最大文件描述符

worker_rlimit_nofile ;

events

{

      use epoll;

      worker_connections ;

}

http

{

      include       conf/mime.types;

      default_type  application/octet-stream;

      keepalive_timeout ;

      tcp_nodelay on;

      upstream  www.xxx.com  {

              server   192.168.1.2:;

              server   192.168.1.3:;

              server   192.168.1.4:;

              server   192.168.1.5:;

      }

      upstream  blog.xxx.com  {

              server   192.168.1.7:;

              server   192.168.1.7:;

              server   192.168.1.7:;

      }

      server

      {

              listen  ;

              server_name  www.xxx.com;

              location / {

                       proxy_pass        http://www.zyan.cc;

                       proxy_set_header   Host             $host;

                       proxy_set_header   X-Real-IP        $remote_addr;

                       proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;

                       proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504 http_404;

              }

              log_format  www_xxx_com  '$remote_addr - $remote_user [$time_local] $request '

                                '"$status" $body_bytes_sent "$http_referer" '

                                '"$http_user_agent" "$http_x_forwarded_for"';

              access_log  /data1/logs/www.log  www_xxx_com;

      }

      server

      {

              listen  ;

              server_name  blog.xxx.com;

              location / {

                       proxy_pass        http://blog.zyan.cc;

                       proxy_set_header   Host             $host;

                       proxy_set_header   X-Real-IP        $remote_addr;

                       proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;

                       proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504 http_404;

              }

              log_format  blog_xxx_com  '$remote_addr - $remote_user [$time_local] $request '

                                '"$status" $body_bytes_sent "$http_referer" '

                                '"$http_user_agent" "$http_x_forwarded_for"';

              access_log  /data1/logs/blog.log  blog_xxx_com;

      }

}

二、HTTPS配置示例

upstream  xxx_xxx_xxx  {

    server   192.168.1.7:;

    server   192.168.1.7:;

    server   192.168.1.7:;

}

server {

    listen ;

    server_name xxx.xxx.xxx;

    access_log /home/chenwebstore1/logs/xxx.xxx.xxx/https./access.log combined;

    error_log /home/chenwebstore1/logs/xxx.xxx.xxx/https./error.log error;

    ssl on;

    ssl_certificate keys/xxx.xxx.xxx.pem;

    ssl_certificate_key keys/xxx.xxx.xxx.key;

    ssl_session_cache shared:ssl.xxx.xxx.xxx:128k;

    ssl_protocols TLSv1 TLSv1. TLSv1.;

    location / {

        proxy_pass        http://xxx_xxx_xxx;

        proxy_set_header   Host             $host;

        proxy_set_header   X-Real-IP        $remote_addr;

        proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;

        proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504 http_404;

    }

}

其中ssl_certificate_key文件格式为:

-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----

其中ssl_certificate文件格式(后缀可以为cer)为:

(Certificate:)
----BEGIN CERTIFICATE-----
----END CERTIFICATE-----
(Intermediate Certificate:)
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----

上面这三段字符串值可以在HTTPS证书申请时获取到。

相关文章