rewrite https

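# Choose the per-language document root from the Host header.
# $http_host is the raw, client-supplied Host header. Only the fixed literals
# "zh" / "jp" are ever written to $domain, so header text never reaches the path.
# The patterns are unanchored and case-insensitive: any host that merely
# contains "zh" or "jp" matches, and if both occur the later "jp" block wins.
# Explicit default: a host matching neither pattern still resolves to /url/ as
# before, but no longer relies on an uninitialized variable. Point this at a
# real default site directory if one exists.
set $domain "";

if ( $http_host ~* "zh" ) {
	set $domain "zh";
}

if ( $http_host ~* "jp" ) {
	set $domain "jp";
}
root /url/$domain;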

$http_accept_language浏览器设置的语言
rewrite ^/$ /m redirect;
last : 停止执行当前这组rewrite指令,并用改写后的URI重新匹配location(不再继续执行当前location)
break : 停止执行当前这组rewrite指令,请求留在当前location中处理,不再匹配其他location
redirect : 返回302临时重定向(默认)
permanent : 返回301永久重定向,无证书后会报错
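# Send every request to the same URI over HTTPS. A replacement that starts with
# https:// ends rewrite processing and is returned to the client as a redirect.
# $request_uri already contains the query string; the trailing "?" stops rewrite
# from appending the original arguments a second time.
# NOTE(review): $http_host is the raw Host header sent by the client, so the
# redirect target is client-chosen. Inside a server block with one canonical
# name, prefer $server_name or a literal host name.
rewrite ^(.*)$ https://$http_host$request_uri?;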
curl -I查看响应头
$remote_addr ip地址

http转https

# HTTPS virtual host for s.oldxu.com, serving static files from /code.
server {
	server_name s.oldxu.com;
	listen 443 ssl;
	root /code;

	# Certificate and private key are given as relative paths; nginx resolves
	# them against its configuration prefix.
	ssl_certificate_key ssl_key/server.key;
	ssl_certificate ssl_key/server.crt;

	location / {
		index index.html;
	}
}
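# Plain-HTTP listener whose only job is to send clients to the HTTPS site.
server {
	listen 80;
	server_name s.oldxu.com;
	# The target is built from the configured name rather than $http_host.
	# $http_host is the raw Host header, so the Location value would be whatever
	# the client sent, including an explicit ":80" that yields an unusable
	# https://host:80/ URL. The temporary 302 status is kept as written.
	return 302 https://$server_name$request_uri;
}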

通过uri跳转其他https域名

web01
# web01: HTTPS site for s.oldxu.com, the target of the /login redirect on web02.
server {
	server_name s.oldxu.com;
	listen 443 ssl;
	root /code;

	# Relative certificate/key paths, resolved against the nginx
	# configuration prefix.
	ssl_certificate_key ssl_key/server.key;
	ssl_certificate ssl_key/server.crt;

	location / {
		index index.html;
	}
}

web02
# web02: plain-HTTP site for www.oldxu.com that hands /login to the HTTPS host.
server {
	server_name www.oldxu.com;
	listen 80;
	root /code;

	# Prefix match: also covers /login/... and /login2. The target is a fixed
	# literal, so the request path and query string are not carried over.
	# NOTE(review): this redirect is itself delivered over clear-text HTTP, so
	# it can be altered on the network path before the browser reaches HTTPS.
	location /login {
		return 302 https://s.oldxu.com;
	}

	location / {
		index index.html;
	}
}

通过uri从https跳转到http

# HTTPS virtual host for s.oldxu.com; static content is served from /code.
server {
        server_name s.oldxu.com;
        listen 443 ssl;
        root /code;

        # Relative certificate/key paths, resolved against the nginx
        # configuration prefix.
        ssl_certificate_key ssl_key/server.key;
        ssl_certificate ssl_key/server.crt;

        location / {
                index index.html;
        }
}
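# Port-80 listener: every request except the exact target "/abc" goes to HTTPS.
server {
        listen 80;
        server_name s.oldxu.com;
        # $request_uri is the original request target including any query string,
        # so only a bare "/abc" is exempt; "/abc?x=1" and "/abc/" are redirected.
        # /abc itself is then answered over clear-text HTTP by this server block.
        if ( $request_uri != '/abc') {
                # $server_name replaces $http_host so the Location value comes
                # from configuration, not from the client-supplied Host header.
                return 302 https://$server_name$request_uri;
        }
}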
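# TLS session and protocol settings.
# A client that reconnects within ssl_session_timeout can resume its TLS session
# with an abbreviated handshake. The 10 MB cache is shared between all workers.
ssl_session_cache shared:SSL:10m;
# How long a cached session may be resumed: 1440 minutes = 24 hours.
# NOTE(review): a long lifetime keeps session secrets in memory longer; shorten
# it if forward secrecy matters more than handshake cost.
ssl_session_timeout 1440m;
# Protocol versions offered. TLSv1 and TLSv1.1 are deprecated (RFC 8996) and
# were removed here. TLSv1.3 needs nginx 1.13.0+ built against OpenSSL 1.1.1+;
# drop it on older builds.
ssl_protocols TLSv1.2 TLSv1.3;
# The server's cipher order takes precedence over the client's.
ssl_prefer_server_ciphers on;
# Cipher suites for TLS 1.2 and below.
# NOTE(review): the broad keywords ECDH, AES and HIGH also admit suites without
# forward secrecy (static RSA/ECDH key exchange, CBC modes). Inspect the expanded
# list with `openssl ciphers -v` and narrow it to ECDHE + AEAD suites if the
# client population allows.
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;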

生成假证书
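# Create a 2048-bit RSA key without a passphrase (-nodes) and a CSR with CN=wuxing.
# The -subj value must be in plain ASCII quotes; the typographic quotes in the
# original were passed to openssl as part of the subject string.
openssl req -nodes -newkey rsa:2048 -keyout server.key -out server.csr -subj "/C=/ST=/L=/O=/OU=/CN=wuxing"
# The key is stored unencrypted, so file permissions are its only protection.
chmod 600 server.key
# Self-sign the CSR with the same key: SHA-256 digest, valid for 36500 days.
# Lab/test use only: no client trusts this certificate by default, and CN=wuxing
# does not match the server_name values used on this page (it has no SAN either).
openssl x509 -req -sha256 -days 36500 -in server.csr -signkey server.key -out server.crt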
接入负载均衡

# Backend pool named "ssl": two servers reached over plain HTTP on port 80.
# No balancing method is specified, so nginx applies its default (round-robin).
upstream ssl {
	server 172.16.1.7:80;
	server 172.16.1.8:80;
}
# Load-balancer front end: terminates TLS for ssl.oldxu.com and proxies every
# request to the "ssl" upstream.
server {
	server_name ssl.oldxu.com;
	listen 443 ssl;
	ssl_certificate_key ssl_key/server.key;
	ssl_certificate ssl_key/server.crt;

	location / {
		# proxy_params is a separate file not shown here; presumably it
		# forwards the Host and client-address headers. Verify its contents.
		include proxy_params;
		# TLS ends at this hop: traffic to the backends is unencrypted HTTP,
		# so the 172.16.1.x segment has to be a trusted network.
		proxy_pass http://ssl;
	}
}
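# Port-80 listener on the load balancer: send clients to the HTTPS front end.
server {
	listen 80;
	server_name ssl.oldxu.com;
	# The original line carried note text after the semicolon ("or
	# $server_name"), which is not valid configuration syntax. $server_name is
	# used because it comes from this block's configuration, whereas $http_host
	# is the raw Host header supplied by the client.
	return 302 https://$server_name$request_uri;
}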
# Static site for ssl.oldxu.com on port 80, served from /code.
# NOTE(review): listen and server_name duplicate the redirect server block that
# precedes this one. Presumably this block belongs on the backend nodes
# (172.16.1.7 / 172.16.1.8) rather than on the load balancer. Confirm.
server {
	server_name ssl.oldxu.com;
	listen 80;
	root /code;

	location / {
		index index.html;
	}
}

转载自blog.csdn.net/weixin_45446068/article/details/103495548