1.下载域名的ssl证书,由于项目部署在阿里云上,就用了阿里推荐的赛门铁克,用Let‘s Encrypt的也不错。
2.nginx的配置如下:
worker_processes 8; error_log error.log; events { worker_connections 1024; } http{ server_tokens off; include mime.types; default_type application/octet-stream; log_format main ‘$remote_addr - $remote_user [$time_local] "$request" ‘ ‘$status $body_bytes_sent "$http_referer" ‘ ‘"$http_user_agent" "$http_x_forwarded_for"‘; access_log logs/access.log main; sendfile on; #tcp_nopush on; #keepalive_timeout 0; keepalive_timeout 65; #gzip on; #工程1 upstream project1_http{ #工程1端口 server ip地址:8190; } upstream project2_http{ #工程2端口 server ip地址:8089; } server { listen 80; server_name website_http; charset utf-8; access_log logs/web.log; //域名后子访问名 location /project1/ { proxy_pass http://project1_http/; proxy_redirect off; proxy_intercept_errors on; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; client_max_body_size 100M; proxy_connect_timeout 300s; proxy_read_timeout 300s; proxy_send_timeout 300s; proxy_buffer_size 64k; proxy_buffers 4 32k; proxy_busy_buffers_size 64k; proxy_temp_file_write_size 64k; proxy_ignore_client_abort on; #proxy_redirect default; } location /project2/ { proxy_pass http://project2_http/; proxy_redirect off; proxy_intercept_errors on; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; client_max_body_size 100M; proxy_connect_timeout 300s; proxy_read_timeout 300s; proxy_send_timeout 300s; proxy_buffer_size 64k; proxy_buffers 4 32k; proxy_busy_buffers_size 64k; proxy_temp_file_write_size 64k; proxy_ignore_client_abort on; #proxy_redirect default; } } #项目使用到了腾讯云的对象存储功能,用于存储图片、视频 upstream cos-auth-server{ #鉴权443口 server ip地址:33575; } upstream project2_https{ #项目443口 server ip地址:8089; } server { listen 443; server_name website_https; ssl on; ssl_certificate cert/证书.pem; ssl_certificate_key cert/证书.key; ssl_session_timeout 5m; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers AESGCM:ALL:!DH:!EXPORT:!RC4:+HIGH:!MEDIUM:!LOW:!aNULL:!eNULL; ssl_prefer_server_ciphers on; location /cosauth/ { proxy_pass http://cos-auth-server/; proxy_redirect off; proxy_intercept_errors on; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; client_max_body_size 100M; proxy_connect_timeout 300s; proxy_read_timeout 300s; proxy_send_timeout 300s; proxy_buffer_size 64k; proxy_buffers 4 32k; proxy_busy_buffers_size 64k; proxy_temp_file_write_size 64k; proxy_ignore_client_abort on; #proxy_redirect default; } location /project2/ { proxy_pass http://project2_https/; proxy_redirect off; proxy_intercept_errors on; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; client_max_body_size 100M; proxy_connect_timeout 300s; proxy_read_timeout 300s; proxy_send_timeout 300s; proxy_buffer_size 64k; proxy_buffers 4 32k; proxy_busy_buffers_size 64k; proxy_temp_file_write_size 64k; proxy_ignore_client_abort on; #proxy_redirect default; } } }
原文地址:https://www.cnblogs.com/daidao/p/8325352.html
时间: 2024-10-18 19:57:07