server {
listen ssl; #监听443端口
server_name www.app01.com;
ssl on; #启用ssl加密
ssl_certificate /etc/cert/xip.io.crt; #服务器证书crt文件
ssl_certificate_key /etc/cert/xip.io.key; #服务器私钥key文件
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
proxy_pass http://192.168.1.109:8010/;
}
}
server { listen ssl;
server_name www.app02.com;
ssl on;
ssl_certificate /etc/cert/xip.io.crt;
ssl_certificate_key /etc/cert/xip.io.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
proxy_pass http://192.168.1.116:8020/;
}
后端app宕机会被踢掉,恢复自动加入:
upstream app_pools {
session_sticky;
server 192.168.1.109: weight=;
server 192.168.1.116: weight=;
check interval= rise= fall= timeout=;
}
server {
listen ssl;
server_name www.app01.com;
ssl on;
ssl_certificate /etc/cert/xip.io.crt;
ssl_certificate_key /etc/cert/xip.io.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
proxy_pass http://app_pools;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
#proxy_set_header X-Forwarded-For $proxy_add_x_forworded_for; }
}
配置间容http https两种:
server {
listen ;
listen ;
server_name www.app01.com;
ssl on;
ssl_certificate /etc/cert/xip.io.crt;
ssl_certificate_key /etc/cert/xip.io.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
proxy_pass http://10.100.0.195:8010/;
}
}
如果在主配置文件中监听的端口不是80,再虚机的时候配置文件是如下:注释掉ssl on; 在listen 443 后面加上ssl;
[root@ha01 conf]# cat hosts.conf
upstream app01_pools {
session_sticky;
server 10.100.0.195: weight=;
#server 192.168.1.116: weight=;
check interval= rise= fall= timeout=;
}
upstream app02_pools {
session_sticky;
server 10.100.0.192: weight=;
check interval= rise= fall= timeout=;
}
server {
listen ;
listen ssl;
server_name www.app01.com apps01.com;
#ssl on;
ssl_certificate /etc/cert/xip.io.crt;
ssl_certificate_key /etc/cert/xip.io.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
proxy_pass http://app01_pools;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
#proxy_set_header X-Forwarded-For $proxy_add_x_forworded_for; }
}
server {
listen ;
listen ssl;
server_name www.app02.com app02.com;
#ssl on;
ssl_certificate /etc/cert/xip.io.crt;
ssl_certificate_key /etc/cert/xip.io.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
proxy_pass http://app02_pools;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
}
}
[root@ha01 co
nginx 配置https 经测试 支持location 规则
还有一点就是nginx只要一个vhost开了80端口,也就是服务器开了80端口,当配另一台https时即不配上80端口,同会有80端口,因为服务器,已经开来不80.