1.下载域名的ssl证书,由于项目部署在阿里云上,就用了阿里推荐的赛门铁克,用Let‘s Encrypt的也不错。
2.nginx的配置如下:
worker_processes 8;
error_log error.log;
events {
worker_connections 1024;
}
http{
server_tokens off;
include mime.types;
default_type application/octet-stream;
log_format main ‘$remote_addr - $remote_user [$time_local] "$request" ‘
‘$status $body_bytes_sent "$http_referer" ‘
‘"$http_user_agent" "$http_x_forwarded_for"‘;
access_log logs/access.log main;
sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
#gzip on;
#工程1
upstream project1_http{
#工程1端口
server ip地址:8190;
}
upstream project2_http{
#工程2端口
server ip地址:8089;
}
server {
listen 80;
server_name website_http;
charset utf-8;
access_log logs/web.log;
//域名后子访问名
location /project1/ {
proxy_pass http://project1_http/;
proxy_redirect off;
proxy_intercept_errors on;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
client_max_body_size 100M;
proxy_connect_timeout 300s;
proxy_read_timeout 300s;
proxy_send_timeout 300s;
proxy_buffer_size 64k;
proxy_buffers 4 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;
proxy_ignore_client_abort on;
#proxy_redirect default;
}
location /project2/ {
proxy_pass http://project2_http/;
proxy_redirect off;
proxy_intercept_errors on;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
client_max_body_size 100M;
proxy_connect_timeout 300s;
proxy_read_timeout 300s;
proxy_send_timeout 300s;
proxy_buffer_size 64k;
proxy_buffers 4 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;
proxy_ignore_client_abort on;
#proxy_redirect default;
}
}
#项目使用到了腾讯云的对象存储功能,用于存储图片、视频
upstream cos-auth-server{
#鉴权443口
server ip地址:33575;
}
upstream project2_https{
#项目443口
server ip地址:8089;
}
server {
listen 443;
server_name website_https;
ssl on;
ssl_certificate cert/证书.pem;
ssl_certificate_key cert/证书.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers AESGCM:ALL:!DH:!EXPORT:!RC4:+HIGH:!MEDIUM:!LOW:!aNULL:!eNULL;
ssl_prefer_server_ciphers on;
location /cosauth/ {
proxy_pass http://cos-auth-server/;
proxy_redirect off;
proxy_intercept_errors on;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
client_max_body_size 100M;
proxy_connect_timeout 300s;
proxy_read_timeout 300s;
proxy_send_timeout 300s;
proxy_buffer_size 64k;
proxy_buffers 4 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;
proxy_ignore_client_abort on;
#proxy_redirect default;
}
location /project2/ {
proxy_pass http://project2_https/;
proxy_redirect off;
proxy_intercept_errors on;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
client_max_body_size 100M;
proxy_connect_timeout 300s;
proxy_read_timeout 300s;
proxy_send_timeout 300s;
proxy_buffer_size 64k;
proxy_buffers 4 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;
proxy_ignore_client_abort on;
#proxy_redirect default;
}
}
}