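# HTTPS reverse proxy: one TLS-terminating virtual host per application.
# TLS ends at this proxy; each proxy_pass below forwards to the backend over
# plain HTTP, so the proxy-to-backend hop is unencrypted.
# NOTE(review): ssl_protocols is not set in either vhost, so the build's
# default protocol list applies. Pin it explicitly (for example
# `ssl_protocols TLSv1.2 TLSv1.3;` where the build supports both).
# NOTE(review): both vhosts load the same certificate/key pair. Confirm that
# this certificate covers www.app01.com and www.app02.com; otherwise clients
# will see a name-mismatch warning.
server {
    listen 443 ssl;                              # listen on port 443 with TLS
    server_name www.app01.com;

    # `ssl on;` removed: `listen 443 ssl` already enables TLS on this socket,
    # and the standalone directive is deprecated and dropped in newer nginx.
    ssl_certificate     /etc/cert/xip.io.crt;    # server certificate (crt file)
    ssl_certificate_key /etc/cert/xip.io.key;    # server private key (key file); keep it readable by root only

    ssl_session_cache   shared:SSL:1m;           # 1 MB session cache shared between workers
    ssl_session_timeout 5m;                      # cached sessions may be resumed for 5 minutes

    # OpenSSL cipher string: high-strength suites only, excluding anonymous
    # (unauthenticated) key exchange and MD5-based suites.
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;                # server's cipher order wins over the client's

    location / {
        proxy_pass http://192.168.1.109:8010/;
    }
}

server {
    listen 443 ssl;
    server_name www.app02.com;

    # `ssl on;` removed for the same reason as in the first vhost.
    ssl_certificate     /etc/cert/xip.io.crt;
    ssl_certificate_key /etc/cert/xip.io.key;

    ssl_session_cache   shared:SSL:1m;
    ssl_session_timeout 5m;

    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;

    location / {
        proxy_pass http://192.168.1.116:8020/;
    }
}   # closing brace was missing in the original listing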
後端app宕機會被踢掉,恢復後自動加入:
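# Load-balanced pool with active health checks, fronted by a TLS vhost.
# NOTE(review): `session_sticky` and `check` are not stock-nginx directives;
# they presumably come from Tengine or an add-on upstream module. Confirm the
# running build provides them, otherwise the configuration will not load.
upstream app_pools {
    session_sticky;                              # keep a client on the same backend
    server 192.168.1.109:8010 weight=1;
    server 192.168.1.116:8020 weight=1;

    # Health check: probe every 3000 ms with a 2000 ms timeout. A backend is
    # taken out after 4 consecutive failures and re-added after 2 successes.
    check interval=3000 rise=2 fall=4 timeout=2000;
}

server {
    listen 443 ssl;
    server_name www.app01.com;

    # `ssl on;` removed: `listen 443 ssl` already enables TLS on this socket,
    # and the standalone directive is deprecated and dropped in newer nginx.
    ssl_certificate     /etc/cert/xip.io.crt;
    ssl_certificate_key /etc/cert/xip.io.key;    # private key; keep it readable by root only

    ssl_session_cache   shared:SSL:1m;
    ssl_session_timeout 5m;

    # NOTE(review): ssl_protocols is not set, so the build default applies;
    # pin the allowed protocol versions explicitly.
    ssl_ciphers HIGH:!aNULL:!MD5;                # high-strength suites, no anonymous or MD5
    ssl_prefer_server_ciphers on;

    location / {
        # TLS terminates here; traffic to the pool is plain HTTP.
        proxy_pass http://app_pools;
        proxy_set_header Host $host;             # pass the requested host name through
        proxy_set_header X-Real-IP $remote_addr; # address of the directly connected client

        # Left disabled as in the original; the variable name is corrected here
        # (it was misspelled `$proxy_add_x_forworded_for`, which nginx rejects
        # as an unknown variable). If enabled, note that the variable appends
        # to any X-Forwarded-For the client sent, so backends must not trust
        # the leading entries.
        #proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}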
配置兼容 http、https 兩種:
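# One vhost answering both plain HTTP (port 80) and HTTPS (port 443).
server {
    listen 80;
    # The `ssl` flag belongs on the 443 listener. The original used a
    # server-level `ssl on;`, which turns TLS on for every listen socket of
    # this server, port 80 included, so plain-HTTP clients on port 80 would
    # be rejected. The standalone directive is also deprecated and dropped
    # in newer nginx.
    listen 443 ssl;
    server_name www.app01.com;

    ssl_certificate     /etc/cert/xip.io.crt;
    ssl_certificate_key /etc/cert/xip.io.key;    # private key; keep it readable by root only

    ssl_session_cache   shared:SSL:1m;
    ssl_session_timeout 5m;

    # NOTE(review): ssl_protocols is not set, so the build default applies;
    # pin the allowed protocol versions explicitly.
    ssl_ciphers HIGH:!aNULL:!MD5;                # high-strength suites, no anonymous or MD5
    ssl_prefer_server_ciphers on;

    location / {
        # NOTE(review): port 80 serves the same application in cleartext and
        # nothing here redirects it to HTTPS. If HTTP is kept only for
        # compatibility, consider redirecting it once clients allow.
        proxy_pass http://10.100.0.195:8010/;
    }
}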
若是在主配置文件中監聽的端口不是80,在配置虛擬主機時配置文件如下:註釋掉 ssl on;,並在 listen 443 後面加上 ssl:
[root@ha01 conf]# cat hosts.conf
# Two health-checked pools, each fronted by a vhost that answers on both
# port 80 (plain HTTP) and port 443 (TLS).
# NOTE(review): `session_sticky` and `check` are not stock-nginx directives;
# presumably a Tengine or add-on upstream module provides them. Confirm.
upstream app01_pools {
    session_sticky;
    server 10.100.0.195:8010 weight=1;
    #server 192.168.1.116:8020 weight=1;
    # Probe every 3000 ms (2000 ms timeout); 4 failures remove a backend,
    # 2 successes bring it back.
    check interval=3000 rise=2 fall=4 timeout=2000;
}

upstream app02_pools {
    session_sticky;
    server 10.100.0.192:8020 weight=1;
    check interval=3000 rise=2 fall=4 timeout=2000;
}

server {
    listen 80;
    listen 443 ssl;   # TLS only on this listener; port 80 stays plain HTTP
    # NOTE(review): `apps01.com` looks like a typo for `app01.com` (the second
    # vhost uses `app02.com`). Confirm against DNS and the certificate.
    server_name www.app01.com apps01.com;
    # Server-level `ssl on;` stays disabled: it would enable TLS on port 80 too.
    #ssl on;
    ssl_certificate /etc/cert/xip.io.crt;
    ssl_certificate_key /etc/cert/xip.io.key;
    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout 5m;
    # NOTE(review): ssl_protocols is not set, so the build default applies;
    # pin the allowed protocol versions explicitly.
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;

    location / {
        # TLS terminates here; traffic to the pool is plain HTTP.
        proxy_pass http://app01_pools;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        # Disabled directive; variable name corrected from the misspelled
        # `$proxy_add_x_forworded_for`, which nginx rejects as unknown.
        #proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}

server {
    listen 80;
    listen 443 ssl;
    server_name www.app02.com app02.com;
    #ssl on;
    # NOTE(review): same certificate/key pair as the first vhost. Confirm that
    # it covers every name in both server_name lists.
    ssl_certificate /etc/cert/xip.io.crt;
    ssl_certificate_key /etc/cert/xip.io.key;
    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout 5m;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;

    location / {
        proxy_pass http://app02_pools;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
    }
}
[root@ha01 co
nginx 配置 https,經測試支持 location 規則。
還有一點:nginx 只要有一個 vhost 開了80端口,也就是服務器開了80端口;當配置另外一個 https 的 vhost 時,即使不配上80端口,該域名一樣能經過80端口訪問,由於服務器已經開了80端口(請求會落到80端口的默認 server 上)。