1、开启压缩
#----------- gzip -----------
gzip on;
2、websocket协议升级以及获取真实客户机IP地址放入请求头里边
#------------ http ------------
server {
listen 80;
server_name 192.168.0.110;
#---------- websocket ------------
location /redis-chat/message {
proxy_pass http://127.0.0.1:8888; #服务转发
proxy_http_version 1.1; #协议版本1.1
proxy_set_header Connection "upgrade"; #协议升级
proxy_set_header Upgrade $http_upgrade; #引用协议升级的类型,也就是这里的websocket协议
proxy_read_timeout 3m; #读取超时时间设置为3分钟,默认60秒
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location /redis-chat/ {
proxy_pass http://127.0.0.1:8888;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
3、http协议转https协议
#------------ http ------------
server {
listen 80;
server_name demo.com.cn;
rewrite ^(.*) https://$host$1 permanent; #把所有的请求转发到https协议上处理
}
#------------ https -----------
server {
listen 443 ssl; #443端口开启ssl
server_name demo.com.cn;
#配置证书所在的位置
ssl_certificate
/usr/local/nginx/ssl/demo.com.cn/Nginx/1_demo.com.cn_bundle.crt;
ssl_certificate_key /usr/local/nginx/ssl/demo.com.cn/Nginx/2_demo.com.cn.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
ssl_prefer_server_ciphers on;
location / {
root html;
index index.html index.htm;
}
}
转载于:https://www.jianshu.com/p/cf50ae599405