nginx配置ssl

原文地址

配置文件

worker_processes  8;
worker_rlimit_nofile 65535;

#pid        logs/nginx.pid;

events {
    use epoll;
    worker_connections  8192;
}

http {
    include       mime.types;
    default_type  application/octet-stream;

    log_format  main  '$cookie_sessionid $http_cookie $host $http_host $proxy_host $server_name $remote_addr - $remote_user [$time_local] "$request" '
                        '$status  $body_bytes_sent "$http_referer" '
                        '"$http_user_agent" "$http_x_forwarded_for" '
                        '$ssl_protocol $ssl_cipher $upstream_addr $request_time $upstream_response_time';

    access_log  logs/access.log  main;

    sendfile        on;

    keepalive_timeout  65;

    gzip  off;

    upstream backend{
        server 192.168.1.1:443;
    }


   server {
        #监听443端口，SSL默认使用端口
        listen      443;
        server_name  www.go008.com;
        #开启SSL功能
        ssl                  on;
        #证书文件
        ssl_certificate      /usr/local/nginx/conf/ssl/crt1.crt;
        #私钥文件
        ssl_certificate_key  /usr/local/nginx/conf/ssl/key1.key;

        #ssl_session_timeout  5m;

        location /nstatus {
                access_log off;
        }

        location / {
            proxy_pass https://backend;
            proxy_redirect off;
            proxy_set_header Host 192.168.1.1;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header Cookie $http_cookie;
            chunked_transfer_encoding off;
            proxy_pass_header Set-Cookie;
            proxy_cookie_domain 192.168.1.1 www.tops001.com;
        }

        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }
    }
}

简要说明

• 证书制作略
• 主要配置server块里的ssl相关参数
• 监听SSL使用的端口，默认443
• proxy_pass要以https开头