需求:
之前工作上面常用的是域名的反向代理,一個公網IP對應就個80端口映射多個域名。常用的有SQUID、NGINX。
現在公司這邊有多個小程序需要佈署,但是一個公網IP只有1個443端口。後面經過朋友指點,用NGINX實現。
下面是具體的已經實現了的配置文件內容
user root; worker_processes 4; error_log logs/error.log; pid logs/nginx.pid; events { worker_connections 1024; } http { include mime.types; default_type application/octet-stream; log_format main '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; access_log logs/access.log main; sendfile on; keepalive_timeout 65; gzip on; upstream manage { server 127.0.0.1:8193 ; } server { listen 80; server_name manage.baidu.com; rewrite ^(.*) https://$server_name$1 permanent; } server { listen 443; server_name manage.baidu.com; ssl on; ssl_certificate ./ssl/manage.baidu.com.pem; ssl_certificate_key ./ssl/manage.baidu.com.key; ssl_session_timeout 5m; ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; location / { index index.jsp index.htm index.html; proxy_pass http://manage; proxy_redirect off; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } access_log logs/manage.log main; } upstream pay { server 127.0.0.1:3020 ; } server { listen 80; server_name pay.baidu.com; rewrite ^(.*) https://$server_name$1 permanent; } server { listen 443; server_name pay.baidu.com; ssl on; ssl_certificate ./ssl/pay.baidu.com.pem; ssl_certificate_key ./ssl/pay.baidu.com.key; ssl_session_timeout 5m; ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; location / { index index.jsp index.htm index.html; proxy_pass http://pay; proxy_redirect off; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } location /pay/ { root /root/nginx/www/; } access_log logs/pay.log main; } upstream agent { server 127.0.0.1:8192 ; } server { listen 443; server_name agent.baidu.com; ssl on; ssl_certificate ./ssl/agent.baidu.com.pem; ssl_certificate_key ./ssl/agent.baidu.com.key; ssl_session_timeout 5m; ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; location / { index index.jsp index.htm index.html; proxy_pass http://agent; proxy_redirect off; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } access_log logs/agent.log main; } server { listen 80; server_name agent.baidu.com; rewrite ^(.*) https://$server_name$1 permanent; } } |