1.nginx的https配置
nginx.conf需要在http下添加include /usr/local/nginx/conf.d/*.conf;位置如下
#keepalive_timeout ``0``;keepalive_timeout 65;include /usr/local/nginx/conf.d/*.conf;#gzip on; |
|---|
新建conf.d/f2c.conf文件(http和https同时开启)
| upstream servers.cmp.com { ip_hash; server 10.39.64.11:80 fail_timeout=100s max_fails=1; server 10.39.64.12:80 fail_timeout=100s max_fails=1; } server { listen 80; listen 443 ssl; server_name cmp.maezia.com; ssl_certificate /etc/nginx/ssl/server.crt; ssl_certificate_key /etc/nginx/ssl/server.key; ssl_session_timeout 5m; ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; if ($server_port = 80) { rewrite ^(.)$ https://$host$1 permanent; } location / { add_header Access-Control-Allow-Origin ; add_header Access-Control-Allow-Methods ‘GET, POST, OPTIONS’; add_header Access-Control-Allow-Headers ‘DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization’; if ($request_method = ‘OPTIONS’) { return 204; } client_max_body_size 1024M; #上传文件大小限制 sendfile on; #设置为on表示启动高效传输文件的模式 keepalive_timeout 1800; #保持连接的时间 proxy_redirect off; proxy_redirect http:// $scheme://; proxy_pass http://servers.cmp.com; proxy_set_header Host $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Real-IP $remote_addr; } } |
|---|
警告信息:nginx: [warn] the ``"ssl" directive is deprecated, use the ``"listen ... ssl" directive instead ``**in** /etc/nginx/conf.d/f2clb.conf:12解决办法:删除ssl on就行了,改成server {listen 443 ssl; |
|---|
若有收获,就点个赞吧
0 人点赞
