server {
listen 80;
listen 443 ssl;
server_name itczw.top www.itczw.top;
ssl_certificate /home/ssl/baidu_ssl/itczw.top.crt;
ssl_certificate_key /home/ssl/baidu_ssl/itczw.top.key;
location / {
proxy_pass http://minionsblog;
index index.html index.htm;
proxy_set_header Host $host:$server_port;
proxy_set_header Remote_Addr $remote_addr;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
#强制跳转http
if ($ssl_protocol = "") {
rewrite ^ https://$server_name$request_uri? permanent;
}
}
踩坑最终版配置
server {
listen 80;
server_name gaoshiyinong.com www.gaoshiyinong.com;
add_header Strict-Transport-Security max-age=15768000;
return 301 https://$server_name$request_uri;
}
upstream minionsblog {
server 172.18.214.54:20190;
# server frp.gaoshiyinong.com:8088;
}
server {
# listen 80;
listen 443 ssl;
server_name gaoshiyinong.com www.gaoshiyinong.com;
# 下面ssl开头的是HTTPS相关的设置
ssl on;
ssl_certificate /usr/local/nginx/ssl/gaoshiyinong.com.pem;
ssl_certificate_key /usr/local/nginx/ssl/gaoshiyinong.com.key;
ssl_session_cache shared:SSL:10m;
# 使用的加解密方式
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
# 支持的协议类型
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
# 优先使用服务端的加解密方式
ssl_prefer_server_ciphers on;
if ( $host != "www.gaoshiyinong.com" ) {
rewrite ^(.*)$ https://www.$host$1 permanent;
}
# 设置HTTP请求自动跳转HTTPS
#rewrite ^(.*)$ https://$host$1 permanent;
location / {
proxy_pass http://minionsblog;
# proxy_redirect off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Hosta $http_host;
proxy_set_header X-NginX-Prox true;
#强制跳转http
# if ($host = "gaoshiyinong.com") {
# rewrite ^ https://www.$server_name$request_uri? permanent;
# }
}
}
浙公网安备 33010602011771号