nginx與https證書集成

#user  nobody;
worker_processes  8;

#error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;

#pid        logs/nginx.pid;

worker_rlimit_nofile 30000;
events {
    worker_connections  1024;
	use epoll;
}


http {
    include       mime.types;
    default_type  application/octet-stream;

   
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  logs/access.log  main;
    server_tokens off;  #關閉版本顯示 
	
    sendfile        on;
    #tcp_nopush     on;

    #keepalive_timeout  0;
    keepalive_timeout  65;
    #防止ddos攻擊
    client_header_timeout 60;
    client_body_timeout 10;
	#設置文件上傳最大爲50M
	client_max_body_size 50M;
    #gzip  on;
    #軟負載映射節點
	upstream balanceServer{
	    # sticky  httponly;
		 server 127.0.0.1:8001;
		 server 127.0.0.1:8002;
		 server 127.0.0.1:8003;
		 server 127.0.0.1:8004;
	}
    server {
        listen       8443;
        server_name  localhost;
		#ssl config
        ssl                  on; 
        ssl_certificate      /app/nginx.pem; 
        ssl_certificate_key  /app/nginx.key; 
        ssl_session_timeout  5m; 
        ssl_session_cache    shared:SSL:1m;
        ssl_protocols  TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers    EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH:HIGH:!RC4:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!EXP:+MEDIUM;
        ssl_prefer_server_ciphers   on; 
        #charset koi8-r;
        location / {
			#負載均衡地址
			proxy_pass  http://balanceServer$request_uri; 
			proxy_set_header X-Forwarded-Host $host;
			proxy_set_header X-Forwarded-Server $host;
			proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
			proxy_redirect off;
			proxy_set_header Host $http_host;
			proxy_set_header Connection Close;
			port_in_redirect off; 
			proxy_connect_timeout 60s;
			proxy_read_timeout 3h;
	        proxy_send_timeout 3h;
			proxy_buffer_size 4k;
			proxy_buffers 6 32k; 
			proxy_busy_buffers_size 64k;
			proxy_temp_file_write_size 64k;
			#開啓代理攔截錯誤，屏蔽真實中間件信息
			proxy_intercept_errors off;
	    }
        
       
    	location ~ ^/WEB-INF/ {
        	deny  all;
    	}

        location /res {
            alias  /app2/res_mng;#圖片映射路徑
            index  index.html index.htm;
        }

        #設置健康檢查頁面
		location = /healthcheck.html {
            root   /app/nginx/html;
			access_log off; #關閉健康檢查訪問日誌
        }
		#設置404頁面[/app/nginx/html目錄下的文件]
		error_page  404 403             /404.html;
		location = /404.html {
            root   /app/nginx/html;
        }
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   /app/nginx/html;
        }
        
    }
}