需求:
之前工作上面常用的是域名的反向代理,一個公網IP對應就個80端口映射多個域名。常用的有SQUID、NGINX。
現在公司這邊有多個小程序需要佈署,但是一個公網IP只有1個443端口。後面經過朋友指點,用NGINX實現。
下面是具體的已經實現了的配置文件內容
user root;
worker_processes 4;
error_log logs/error.log;
pid logs/nginx.pid;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log logs/access.log main;
sendfile on;
keepalive_timeout 65;
gzip on;
upstream manage {
server 127.0.0.1:8193 ;
}
server {
listen 80;
server_name manage.baidu.com;
rewrite ^(.*) https://$server_name$1 permanent;
}
server {
listen 443;
server_name manage.baidu.com;
ssl on;
ssl_certificate ./ssl/manage.baidu.com.pem;
ssl_certificate_key ./ssl/manage.baidu.com.key;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
location / {
index index.jsp index.htm index.html;
proxy_pass http://manage;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
access_log logs/manage.log main;
}
upstream pay {
server 127.0.0.1:3020 ;
}
server {
listen 80;
server_name pay.baidu.com;
rewrite ^(.*) https://$server_name$1 permanent;
}
server {
listen 443;
server_name pay.baidu.com;
ssl on;
ssl_certificate ./ssl/pay.baidu.com.pem;
ssl_certificate_key ./ssl/pay.baidu.com.key;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
location / {
index index.jsp index.htm index.html;
proxy_pass http://pay;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location /pay/ {
root /root/nginx/www/;
}
access_log logs/pay.log main;
}
upstream agent {
server 127.0.0.1:8192 ;
}
server {
listen 443;
server_name agent.baidu.com;
ssl on;
ssl_certificate ./ssl/agent.baidu.com.pem;
ssl_certificate_key ./ssl/agent.baidu.com.key;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
location / {
index index.jsp index.htm index.html;
proxy_pass http://agent;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
access_log logs/agent.log main;
}
server {
listen 80;
server_name agent.baidu.com;
rewrite ^(.*) https://$server_name$1 permanent;
}
}
|