
nginx实践(多域名访问+域名转发+ssl+http转https)

xnh888 2024-09-14 15:21:24 技术教程 19 ℃ 0 评论

实现功能:

  1. 多个域名访问
  2. 不同的域名实现不同的转发
  3. 未指定的域名禁止访问
  4. nginx到tomcat的转发(ssl证书在nginx或tomcat的比较)
  5. 访问http默认跳转到https(包括访问一级域名默认跳转到二级域名上)

配置参考:

# Worker account is left at the build default (directive commented out).
#user nobody;

# Number of worker processes started by the master.
worker_processes 4;

events {
    # Upper bound on simultaneous connections handled by each worker.
    worker_connections 1024;
}

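http {
    include mime.types;
    default_type application/octet-stream;
    sendfile on;
    #tcp_nopush on;
    keepalive_timeout 65;
    #gzip on;

    # Catch-all for plain HTTP: a request whose Host matches none of the
    # server_name entries below is answered with 404.
    server {
        listen 80 default_server;
        server_name _;
        return 404;
    }

    # Catch-all for HTTPS. A certificate is required here because the TLS
    # handshake completes before nginx can send the 404.
    # NOTE(review): whatever certificate is configured here is presented to
    # anyone who connects by IP or with an unknown hostname, so reusing the
    # site certificate discloses the hosted domain names. A throwaway
    # self-signed certificate avoids that; on nginx >= 1.19.4
    # "ssl_reject_handshake on;" removes the need for a certificate entirely.
    server {
        # "listen ... ssl" replaces "ssl on;", which was deprecated in
        # nginx 1.15.0 and removed in 1.25.1.
        listen 443 ssl default_server;
        server_name _;
        ssl_certificate /usr/local/nginx/conf/key/test.crt;
        ssl_certificate_key /usr/local/nginx/conf/key/test.key;
        return 404;
    }

    # HTTP -> HTTPS for www.test.org and test.org.
    server {
        listen 80;
        server_name www.test.org test.org;
        # $server_name is the first name listed above (www.test.org); it comes
        # from this file, not from the client-supplied Host header.
        return 301 https://$server_name$request_uri;
    }

    # HTTPS site for www.test.org (test.org is redirected to www.test.org).
    server {
        listen 443 ssl;
        server_name www.test.org test.org;

        # TLS is terminated on nginx. The private key file should be readable
        # only by the account that starts nginx.
        ssl_certificate /usr/local/nginx/conf/key/test.crt;
        ssl_certificate_key /usr/local/nginx/conf/key/test.key;
        ssl_session_timeout 5m;
        # TLS 1.0 and 1.1 are deprecated (RFC 8996) and no longer offered.
        # TLSv1.3 needs nginx >= 1.13.0 built against OpenSSL >= 1.1.1; drop it
        # on older builds.
        ssl_protocols TLSv1.2 TLSv1.3;
        # The original list began with "ECDHE-RSA-AES128-GCM-GCM-SHA256", which
        # is not an OpenSSL cipher name (typo for the name used below).
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
        ssl_prefer_server_ciphers on;

        # Optional, once every name under this domain is known to be
        # HTTPS-only: tell browsers to skip the plain-HTTP hop next time.
        #add_header Strict-Transport-Security "max-age=31536000" always;

        location / {
            root /opt/web/www.test.org;    # document root of the site
            index index.html index.htm;

            # Canonicalise https://test.org to https://www.test.org.
            # $host is lower-cased and carries no port, so an exact comparison
            # is enough; the original regex on $http_host left the dots
            # unescaped and also fired when the client sent "www.test.org:443".
            if ($host != "www.test.org") {
                return 301 https://www.test.org$request_uri;
            }
        }

        # Static site with no backend: do not log missing favicon.ico requests.
        location = /favicon.ico {
            log_not_found off;
            access_log off;
        }
    }

    # Reverse proxy to tomcat1; the certificate lives on nginx.
    # There is no port-80 server for this name, so plain-HTTP requests fall
    # through to the catch-all above and get 404 (HTTPS only).
    server {
        listen 443 ssl;
        server_name tomcat1.test.org;

        ssl_certificate /usr/local/nginx/conf/key/test.crt;
        ssl_certificate_key /usr/local/nginx/conf/key/test.key;
        ssl_session_timeout 5m;
        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
        ssl_prefer_server_ciphers on;

        location / {
            # The hop from nginx to Tomcat is unencrypted HTTP.
            # NOTE(review): make sure port 8080 is reachable only from the
            # nginx host (loopback or a firewalled internal network).
            proxy_pass http://tomcat1.test.org:8080;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            # $proxy_add_x_forwarded_for appends to whatever the client sent,
            # so the backend must not trust the left-most entry; X-Real-IP is
            # the address nginx itself saw.
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            # Lets Tomcat know the original request was HTTPS (redirect URLs,
            # Secure cookies).
            proxy_set_header X-Forwarded-Proto $scheme;
        }
    }

    # HTTP -> HTTPS for tomcat2.test.org.
    server {
        listen 80;
        server_name tomcat2.test.org;
        return 301 https://$server_name$request_uri;
    }

    # Reverse proxy to tomcat2, which serves HTTPS itself on 8443.
    # The http-module proxy_pass does not pass TLS through: the browser's TLS
    # session always ends on nginx, and nginx opens a second TLS connection to
    # Tomcat. A certificate is therefore needed on nginx as well; the original
    # block declared none and presumably relied on the SSL settings of the
    # other servers sharing port 443. True pass-through needs the stream module.
    server {
        listen 443 ssl;
        server_name tomcat2.test.org;

        ssl_certificate /usr/local/nginx/conf/key/test.crt;
        ssl_certificate_key /usr/local/nginx/conf/key/test.key;
        ssl_protocols TLSv1.2 TLSv1.3;

        location / {
            proxy_pass https://tomcat2.test.org:8443;
            # proxy_ssl_verify is off by default, so nginx accepts any
            # certificate from the backend. To authenticate Tomcat, enable:
            #proxy_ssl_verify on;
            #proxy_ssl_trusted_certificate <path-to-CA-bundle>;    # placeholder
            #proxy_ssl_server_name on;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
    }
}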
