火焰

valeb
  博客园  :: 首页  :: 新随笔  :: 联系 :: 订阅 订阅  :: 管理

nginx 根据域名转发不同端口 ssl 证书 配置

Posted on 2022-06-13 15:47  valeb  阅读(223)  评论(0)    收藏  举报 
worker_processes  1;
events {
    worker_connections  1024;
}
http {
    include       mime.types;
    default_type  application/octet-stream;
    sendfile        on;
    keepalive_timeout  65; 
    upstream git {  
       server 127.0.0.1:8081;  
    }       
    upstream jenkins {  
       server 127.0.0.1:8082;  
    }                
    server {
        listen       8080; 
        server_name  git.baidu.cn; 
        location / { 
            proxy_pass http://git;
        } 
    }      
    server {
        listen       8080; 
        server_name  jenkins.baidu.cn; 
        location / { 
            proxy_pass http://jenkins;
        } 
    } 
}

SSL 证书配置

    server {
        listen       8080 ssl;  # 别忘记  ssl 
        server_name  jenkins.baidu.cn; 
        client_max_body_size 10M;
        ssl_certificate      baidu.cn_bundle.crt;
        ssl_certificate_key  baidu.cn.key;  
        ssl_session_cache    shared:SSL:1m;
        ssl_session_timeout  5m; 
        ssl_ciphers  CDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
        ssl_prefer_server_ciphers  on; 
        location / { 
            proxy_pass https://jenkins;
            proxy_set_header Host $host; 
            proxy_set_header X-Real-IP $remote_addr; 
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 
            proxy_redirect   off; 
            proxy_set_header X-Forwarded-Proto $scheme; 
            add_header Access-Control-Allow-Origin *;
            add_header Access-Control-Allow-Methods 'GET, POST, OPTIONS';
            add_header Access-Control-Allow-Headers 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization'; 
        } 
    }

  

第二种方式:默认80 端口

a.baidu.cn     192.168.1.100:1111

b.baidu.cn     192.168.1.100:2222

c.baidu.cn     192.168.1.100:3333

根据 二级域名头  a,b,c 的不同步来代理对应的服务 1111,2222,3333

    server {
        listen       80; 
        server_name ~^(?<subdomain>.+).baidu.cn$;  #.baidu.cn
        client_max_body_size 10M;
        location / { 
            proxy_set_header Host $host; 
            proxy_set_header X-Real-IP $remote_addr; 
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 
            proxy_redirect   off; 
            proxy_set_header X-Forwarded-Proto $scheme; 
            add_header Access-Control-Allow-Origin *;
            add_header Access-Control-Allow-Methods 'GET, POST, OPTIONS';
            add_header Access-Control-Allow-Headers 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization'; 
            
            if ($subdomain ~* "git") {  # 注: if 后 ()左右有空格
               proxy_pass  http://git;       
            } 
            if ($subdomain ~* "jenkins") { 
               proxy_pass http://jenkins;     
            } 
            if ($subdomain ~* "nexus") { 
               proxy_pass http://nexus;     
            }
            if ($subdomain ~* "sonarqube") { 
               proxy_pass http://sonarqube;     
            }
            if ($subdomain ~* "rabbitmq") { 
               proxy_pass http://rabbitmq;     
            } 
        }  
    }