Ngnix配置文件分享：反向代理，开启SSL

user  tomcat;
worker_processes  1;

error_log  logs/error.log error;

pid        logs/nginx.pid;


events {
    worker_connections  1024;
}


http {
    include       mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                     '$status $body_bytes_sent "$http_referer" '
                     '"$http_user_agent" "$http_x_forwarded_for"';

    sendfile        on;
   # tcp_nopush     on;

    #keepalive_timeout  0;
    keepalive_timeout  65;

    #gzip  on;


    server {

        listen  80;
        server_name  block.zgcsjy.cn www.block.zgcsjy.cn;

        location / {  
           root block;
           index index.html;
        } 

    }

    server {

        listen  80;
        server_name  cs.zgcsjy.cn www.cs.zgcsjy.cn;

        location /xypjcp {
            proxy_pass        http://localhost:8082/xypjcp;
            proxy_set_header   Host             $host;
            proxy_set_header   X-Real-IP        $remote_addr;
            proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;
            proxy_connect_timeout 300;
            proxy_send_timeout 300;
            proxy_read_timeout 300;
            proxy_buffer_size 64k;
            proxy_buffers   4 32k;
            proxy_busy_buffers_size 64k;
            proxy_temp_file_write_size 64k;
            client_max_body_size 30m;
            client_body_buffer_size 128k;
        }


    }

    server {
        listen  80;
        server_name  frp.zgcsjy.cn *.frp.zgcsjy.cn;
        access_log   logs/access_frp.log   main;

        location / {
            proxy_pass        http://localhost:19080;
            proxy_set_header   Host             $host;
            proxy_set_header   X-Real-IP        $remote_addr;
            proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;
            proxy_connect_timeout 300;
            proxy_send_timeout 300;
            proxy_read_timeout 300;
            proxy_buffer_size 64k;
            proxy_buffers   4 32k;
            proxy_busy_buffers_size 64k;
            proxy_temp_file_write_size 64k;
            client_max_body_size 30m;
            client_body_buffer_size 128k;
        }
    }



    server {
                listen       80;
                server_name  gzh.zgcsjy.cn;
                rewrite ^(.*) https://$host$1 permanent;

                error_page   500 502 503 504  /50x.html;
                location = /50x.html {
                                root   html;
                }

        }



    server {
        listen 443 ssl;
        server_name  gzh.zgcsjy.cn;
        ssl_certificate      ../cert/2772898_gzh.zgcsjy.cn.pem;
        ssl_certificate_key  ../cert/2772898_gzh.zgcsjy.cn.key;
        ssl_session_cache    shared:SSL:1m;
        ssl_session_timeout  5m;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
        ssl_prefer_server_ciphers  on;

        add_header Content-Security-Policy upgrade-insecure-requests;

        location / {
            proxy_pass        http://localhost:10001;
            proxy_set_header   Host             $host;
            proxy_set_header   X-Real-IP        $remote_addr;
            proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;
            #proxy_set_header   X-Forwarded-Proto $scheme;
            #proxy_set_header   Upgrade         $http_upgrade;
            proxy_connect_timeout 300;
            proxy_send_timeout 300;
            proxy_read_timeout 300;
            proxy_buffer_size 64k;
            proxy_buffers   4 32k;
            proxy_busy_buffers_size 64k;
            proxy_temp_file_write_size 64k;
            client_max_body_size 30m;
            client_body_buffer_size 128k;
            access_log off;
            error_log logs/error.gzh.log crit;
        }

        location /zjd {
            root /usr/local/data/gzh;
            index index.html index.htm;
        }

        location /qyd {
            root /usr/local/data/gzh;
            index index.html index.htm;
        }
    }


}