這裏要注意的就是由於nginx沒有配置中級證書的參數,所以根證書和證書文件需要合併起來配置,這個apache有點區別,證書鏈文件建議是配置上去apache有相應參數可以配置nginx沒有。
cat domain.crt domian.ca > domian.pem
寫2個server,80端口用return 301跳轉即可。
cat domain-80.conf
server {
listen IP:80;
server_name DOMAIN;
if ( $host ~* ^[a-zA-Z0-9\-]+\.([a-zA-Z0-9]+)?$ ){
rewrite ^/(.*)$ https://www.$host/$1 permanent;
}
index index.php index.html index.htm;
location / {
return 301 https://domain$request_uri;
limit_req zone=one burst=30;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header REMOTE-HOST $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header CLIENT_IP $proxy_add_x_forwarded_for;
proxy_set_header AUTHZH aGZoZj13g5N2FmaDk4;
proxy_pass http://IP:80/;
}
location ~* ^.+\.(gz|tar|tgz|tbz||zip|xz|bz2|rar|7z|sql|exe|dll|msi|iso|pdf)$ {
limit_conn conn 2;
limit_rate 200k;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header REMOTE-HOST $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header CLIENT_IP $proxy_add_x_forwarded_for;
proxy_set_header AUTHZH aGZoZjg12321Zoc2FmaDk4;
proxy_pass http://ip:80;
}
location ~* ^/(403|500|503)\.html { root html; }
}
cat domain.com.conf
server {
listen IP:443;
server_name domain;
index index.php index.html index.htm;
ssl on;
ssl_certificate /usr/local/nginx/conf/ssl/DOMINA/DOMAIN.pem;
ssl_certificate_key /usr/local/nginx/conf/ssl/domain/domain.key;
ssl_session_timeout 5m;
ssl_protocols SSLv2 SSLv3 TLSv1;
ssl_prefer_server_ciphers on;
location / {
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $proxy_add_x_forwarded_for;
proxy_set_header CLIENT_IP $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header AUTHZH aGZoZjg5N34Y3Zoc2FmaDk4;
proxy_set_header X_FORWARDED_PROTO https;
proxy_pass http://IP;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
nginx強制跳轉https
發表評論
所有評論
還沒有人評論,想成為第一個評論的人麼? 請在上方評論欄輸入並且點擊發布.
相關文章
Linux 開機(腳本)啓動順序
Uchen
2019-02-24 13:53:20
Linux基本操作命令
wbzjacky
2019-02-24 13:12:38
tar Command Daily Work Summary
海膽階段
2019-02-24 12:58:10
SSH and SCP Daily Work Summary
海膽階段
2019-02-24 12:58:10
Linux積累-安裝與配置Hadoop
lftong
2019-02-23 14:00:30
centos ***
samplelife
2019-02-23 13:57:36
新手學習Linux系統的一點見解
jackieban
2019-02-23 13:57:24
CentOS 6.4下PXE+Kickstart無人值守安裝操作系統
paul8339
2019-02-23 13:56:09
Linux學習之旅 - 第一天
lichen_zt
2019-02-23 13:55:58
Linux I/O重定向以及正則表達式
zhongqijian916
2019-02-23 13:54:50
Linux---facl以及終端
zhongqijian916
2019-02-23 13:54:50
Linux---YUM
zhongqijian916
2019-02-23 13:54:50
神奇高效的Linux命令行
qq5c6f4fa42f069
2019-02-24 12:58:23
盜版系統避免10月20號後出現黑屏的方法
lichenjing9
2019-02-23 14:06:52
專訪-網絡工程師-如何把握成長關鍵?
白璐
2019-02-23 14:05:08