upstream ruoyi-backend{
server 10.0.0.75:8080;
server 10.0.0.76:8080;
}
server {
listen 443 ssl;
server_name ruoyi.zqfstack.com;
charset utf-8;
ssl_certificate /usr/local/nginx/ssl/ruoyi.zqfstack.com.pem;
ssl_certificate_key /usr/local/nginx/ssl/ruoyi.zqfstack.com.key;
ssl_session_cache shared:SSL:1m; # 配置 SSL 会话缓存,提高性能。shared:SSL:多个工作进程共享的缓存。1m:缓存大小为 1MB(约存储 4000 个会话)
ssl_session_timeout 5m; # SSL会话缓存的超时时间(客户端可复用会话的时间)。
ssl_prefer_server_ciphers on; # 优先使用服务端配置的密码套件(而非客户端提议的)。
ssl_ciphers 'TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256';
ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
location / {
root /data/ruoyi/dist;
try_files $uri $uri/ /index.html;
index index.html index.htm;
}
location /prod-api/ {
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header REMOTE-HOST $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://ruoyi-backend/;
}
# springdoc proxy
location ~ ^/v3/api-docs/(.*) {
proxy_pass http://ruoyi-backend/v3/api-docs/$1;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
# http强制跳转https
server {
listen 80;
server_name ruoyi.zqfstack.com;
return 301 https://$server_name$request_uri;
}
nginx配置https访问配置与解释
浙公网安备 33010602011771号