server {
listen 443 ssl;
server_name www.xxx.com xxx.com;
ssl_certificate keys/xxxx_ssl.pem;
ssl_certificate_key keys/xxxx_ssl.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
#启用TLS1.1、TLS1.2要求OpenSSL1.0.1及以上版本,若您的OpenSSL版本低于要求,请使用 ssl_protocols TLSv1;
ssl_ciphers HIGH:!RC4:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!EXP:+MEDIUM;
ssl_prefer_server_ciphers on;
location ~ / {
proxy_pass http://192.168.1.222; #后端 真实服务器
index index.html index.htm A1-index.html;
}
}
server {
listen 80;
server_name www.xxx.com xxx.com;
rewrite ^(.*) https://$host$1 permanent;
}
想让别人访问http://重定向https://,就在访问http的server{}里填写
rewrite ^(.*) https://$host$1 permanent;