nginx.conf配置:
user www;
worker_processes auto;
error_log logs/error.log notice;
pid logs/nginx.pid;
worker_rlimit_nofile 65535;
events {
use epoll;
worker_connections 65535;
}
http {
include mime.types;
default_type application/octet-stream;
log_format main 'remote_addr:$remote_addr remote_user:$remote_user time_local:[$time_local] request:$request '
'status:$status body_bytes_sent:$body_bytes_sent http_referer:$http_referer '
'http_user_agent:$http_user_agent upstream_addr:$upstream_addr server_name:$server_name '
'http_x_forwarded_for:$http_x_forwarded_for request_time:$request_time';
access_log logs/access.log main;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
server_tokens off;
server_names_hash_bucket_size 128;
keepalive_timeout 600;
types_hash_max_size 2048;
gzip on;
gzip_min_length 1k;
gzip_buffers 4 16k;
gzip_comp_level 2;
gzip_types text/css text/xml application/javascript text/plain application/json applicatio
n/rss+xml application/x-javascript text/javascript application/xml;
gzip_vary on;
gzip_disable "MSIE [1-6]\.";
proxy_connect_timeout 3000;
proxy_send_timeout 3000;
proxy_read_timeout 3000;
proxy_buffer_size 1024k;
proxy_buffers 32 1024k;
proxy_busy_buffers_size 1024k;
proxy_temp_file_write_size 1024k;
upstream F5_preCouponPay {
server 192.168.52.11:8002 max_fails=3 weight=1 fail_timeout=3s;
}
upstream F5_couponPay {
server 192.168.52.11:8081 max_fails=3 weight=1 fail_timeout=3s;
}
# http #########################################
server {
listen 80 default_server;
server_name _;
location / {
deny all;
}
location /nginx-status {
stub_status on;
allow 127.0.0.1;
deny all;
}
}
server {
listen 80;
server_name 192.168.52.11;
location / {
deny all;
}
location /pre-coupon-pay {
rewrite ^(.*) https://$server_name$1 permanent;
}
location /couponPay {
rewrite ^(.*) https://$server_name$1 permanent;
}
}
# https #########################################
server {
listen 443 ssl default_server;
server_name _;
ssl_certificate /usr/local/nginx/conf/ssl/_.card.com.crt;
ssl_certificate_key /usr/local/nginx/conf/ssl/_.card.com.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
ssl_ciphers RSA:!EXP:!NULL:+HIGH:-DES:-3DES:-MEDIUM:-LOW;
ssl_prefer_server_ciphers on;
location / {
deny all;
}
}
server {
listen 443 ssl;
server_name 192.168.52.11;
ssl_certificate /usr/local/nginx/conf/ssl/_.card.com.crt;
ssl_certificate_key /usr/local/nginx/conf/ssl/_.card.com.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
ssl_ciphers RSA:!EXP:!NULL:+HIGH:-DES:-3DES:-MEDIUM:-LOW;
ssl_prefer_server_ciphers on;
location / {
deny all;
}
location /pre-coupon-pay {
proxy_pass http://F5_preCouponPay/pre-coupon-pay;
proxy_redirect off;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $http_host;
}
location /couponPay {
proxy_pass http://F5_couponPay/couponPay;
proxy_redirect off;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $http_host;
}
}
}