nginx 7层全量转发

upstream micorapp {  
 server 2.1.105.33:1080 max_fails=1 fail_timeout=30s;
 server 20.1.15.3:1080 max_fails=1 fail_timeout=30s;
 keepalive 16;
}


server {
listen 1080;
server_name tlchat.zjtlcb.com; # domain 域名改为 rcx api 所准备的域名
ssl on;
ssl_certificate ssl/server.pem; # ssl/server.crt 替换成 rcx api 域名所对应的证书文件路径
ssl_certificate_key ssl/server.key; # ssl/server.key 替换成 rcx api 域名所对应的证书相匹配的秘钥文件路径
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4;ssl_session_tickets off;
ssl_session_cache shared:SSL:10m;
ssl_ecdh_curve secp384r1;
ssl_prefer_server_ciphers on;
ssi on;

location / {
 proxy_pass http://micorapp;
 proxy_redirect default;
 proxy_set_header X-Real-IP $remote_addr;
 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 proxy_set_header Host $http_host;
 proxy_set_header Via "nginx";
 proxy_redirect off;
 proxy_connect_timeout 120;
 proxy_read_timeout 125;
 proxy_send_timeout 190;
 }



}

 

你可能感兴趣的:(HTTP协议)