配置文件说明
#user nobody; worker_processes 1; #error_log logs/error.log; #error_log logs/error.log notice; #error_log logs/error.log info; #pid logs/nginx.pid; events { worker_connections 1024; } http { include mime.types; default_type application/octet-stream; #log_format main '$remote_addr - $remote_user [$time_local] "$request" ' # '$status $body_bytes_sent "$http_referer" ' # '"$http_user_agent" "$http_x_forwarded_for"'; #access_log logs/access.log main; sendfile on; #tcp_nopush on; #keepalive_timeout 0; keepalive_timeout 65; #gzip on; upstream ppms { <!-- 配置要安装证书服务器 nginx和应用服务器一样,所以是127.0.0.1 --> server 127.0.0.1:8080 max_fails=1 fail_timeout=30s weight=5; } server { listen 80 ; <!-- http调整到https 只监听80端口 --> server_name gdzc.citicsteel.com; <!-- 证书配置的域名 如没有域名配置成IP --> rewrite ^(.*) https://$server_name$1 permanent; } server { listen 443 ssl; <!-- 配置证书 默认443端口 如果443 ssl有错误 可能是版本太低 --> server_name gdzc.citicsteel.com; <!-- 证书配置的域名 如没有域名配置成IP --> ssl_certificate /usr/local/nginx/cert/1846876__citicsteel.com.pem;<!-- 证书存放位置 --> ssl_certificate_key /usr/local/nginx/cert/1846876__citicsteel.com.key; ssl_session_timeout 5m; <!-- 低版本配置 --> <!-- ssl on; 证书存放位置 ssl_certificate /usr/local/nginx/cert/1846876__citicsteel.com.pem;<!-- 证书存放位置 --> ssl_certificate_key /usr/local/nginx/cert/1846876__citicsteel.com.key; ssl_session_timeout 5m; listen 为443 后不接ssl --> #charset koi8-r; #access_log logs/host.access.log main; location / { proxy_pass http://ppms;<!-- 对应上面upstream 例:upstream csms; http://csms; --> root html; index index.html index.htm; autoindex on; autoindex_exact_size on; autoindex_localtime on; } #or_page 404 /404.html; # redirect server error pages to the static page /50x.html # error_page 500 502 503 504 /50x.html; location = /50x.html { root html; } # proxy the PHP scripts to Apache listening on 127.0.0.1:80 # #location ~ \.php$ { # proxy_pass http://127.0.0.1; #} # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000 # #location ~ \.php$ { # root html; # fastcg_pass 127.0.0.1:9000; # fastcgi_index index.php; # fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name; # include fastcgi_params; #} # deny access to .htaccess files, if Apache's document root # concurs with nginx's one # #location ~ /\.ht { # deny all; #} } # another virtual host using mix of IP-, name-, and port-based configuration # #server { # listen 8000; # listen somename:8080; # server_name somename alias another.alias; # location / { # root html; # index index.html index.htm; # } #} # HTTPS server # #server { # listen 443 ssl; # server_name localhost; # ssl_certificate cert.pem; # ssl_certificate_key cert.key; # ssl_session_cache shared:SSL:1m; # ssl_session_timeout 5m; # ssl_ciphers HIGH:!aNULL:!MD5; # ssl_prefer_server_ciphers on; # location / { # root html; # index index.html index.htm; # } #} }配置后请求实体过大可能会出现413 处理: #允许客户端请求的最大单文件字节数 client_max_body_size 10m; #缓冲区代理缓冲用户端请求的最大字节数, client_body_buffer_size 128k; #nginx跟后端服务器连接超时时间(代理连接超时) proxy_connect_timeout 90; #连接成功后,后端服务器响应时间(代理接收超时) proxy_read_timeout 90; #设置代理服务器(nginx)保存用户头信息的缓冲区大小 proxy_buffer_size 4k; #proxy_buffers缓冲区,网页平均在32k以下的话,这样设置 proxy_buffers 4 32k; #高负荷下缓冲大小(proxy_buffers*2) proxy_busy_buffers_size 64k; #设定缓存文件夹大小,大于这个值,将从upstream服务器传 proxy_temp_file_write_size 64k;
