主要配置如下:
#静态文件的访问 server { listen 443 ssl; server_name static.jksfrz.com; ssl_certificate d:/app/nginx/ssl/dogiant.crt; ssl_certificate_key d:/app/nginx/ssl/dogiant.key; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers HIGH:!aNULL:!MD5; location / { root html; index index.html index.htm; } server_tokens off; #access_log /var/log/nginx/www.hao.com.access.log; #error_log /var/log/nginx/www.hao.com.error.log; } #访问192.168.0.103,强制http转为https server { listen 80; server_name 192.168.0.103; rewrite ^ https:/$http_host$request_uri? permanent; } # https server { listen 443 ssl; server_name 192.168.0.103; ssl_certificate d:/app/nginx/ssl/dogiant.crt; ssl_certificate_key d:/app/nginx/ssl/dogiant.key; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers HIGH:!aNULL:!MD5; location / { #代理一个tomcat应用,也可以和upstream的名字一样 proxy_pass http://localhost:8080; #以下是一些反向代理的配置可删除 proxy_redirect off; #后端的Web服务器可以通过X-Forwarded-For获取用户真实IP proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; client_max_body_size 10m; #允许客户端请求的最大单文件字节数 client_body_buffer_size 128k; #缓冲区代理缓冲用户端请求的最大字节数 proxy_connect_timeout 300; #nginx跟后端服务器连接超时时间(代理连接超时) proxy_send_timeout 300; #后端服务器数据回传时间(代理发送超时) proxy_read_timeout 300; #连接成功后,后端服务器响应时间(代理接收超时) proxy_buffer_size 4k; #设置代理服务器(nginx)保存用户头信息的缓冲区大小 proxy_buffers 4 32k; #proxy_buffers缓冲区,网页平均在32k以下的话,这样设置 proxy_busy_buffers_size 64k; #高负荷下缓冲大小(proxy_buffers*2) proxy_temp_file_write_size 64k; #设定缓存文件夹大小,大于这个值,将从upstream服务器传 } server_tokens off; #access_log /var/log/nginx/www.hao.com.access.log; #error_log /var/log/nginx/www.hao.com.error.log; } #支持跨域访问 add_header Access-Control-Allow-Origin *; add_header Access-Control-Allow-Headers X-Requested-With; add_header Access-Control-Allow-Methods GET,POST,OPTIONS; #禁用缓存 add_header Cache-Control no-store;