https配置html
server { listen 443; server_name xxxx.aaa.com; ssl on; # cart.crt和cert.key文件放在nginx.conf同級的cert目錄裏 ssl_certificate cert/cert-xxxx.crt; ssl_certificate_key cert/cert-xxxx.key; ssl_session_timeout 5m; ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; location / { proxy_pass https://api.aaa.com; } } # 強制跳轉https server { listen 80; server_name xxxx.aaa.com; return 301 https://$server_name$request_uri; location / { proxy_pass https://api.aaa.com; } }
負責均衡nginx
upstream ws_server { server 173.12.20.205:8085 weight=1; server 174.14.13.153:8085 weight=1; } server { listen 443; server_name xxx.bbbb.com; ssl on; #root html; #index index.html index.htm; ssl_certificate cert/cert-xxx.crt; ssl_certificate_key cert/cert-xxx.key; ssl_session_timeout 5m; ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; location / { proxy_set_header Host $host; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_pass http://ws_server; } }
根據uri跳轉web
location /websocket { proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For proxy_pass http://127.0.0.1:9085; }
跨域CROS設置api
location / { add_header Access-Control-Allow-Origin $http_origin; add_header Access-Control-Allow-Credentials true; add_header Access-Control-Allow-Headers *; # 手機瀏覽器可能會報錯,改爲'Authorization,Content-Type,Accept,Origin,User-Agent,DNT,Cache-Control,X-Mx-ReqToken,Referer' proxy_pass https://open.sobot.com; }