nginx 同时配置https和http,不同域名

# Main (global) context.
# The worker user is left at the build default because this directive is commented out.
#user  nobody;
# Number of worker processes.
worker_processes  1;

# Error logging is left at the build default; these are alternative log levels.
#error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;

#pid        logs/nginx.pid;


events {
    # Maximum number of simultaneous connections a single worker process may open.
    worker_connections  1024;
}


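http {
    include       mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  logs/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    #keepalive_timeout  0;
    # How long an idle keep-alive client connection is kept open.
    keepalive_timeout 90;
    # Timeout for reading the client request header.
    client_header_timeout 1m;
    # Timeout for reading the client request body.
    client_body_timeout 1m;
    # Maximum allowed size of the client request body.
    client_max_body_size 10m;

    #gzip  on;

    # Hide the nginx version in error pages and the Server response header.
    server_tokens off;

    upstream site {
        # Default (round-robin): requests are handed to the backends in turn;
        # a backend that is down is taken out of rotation automatically.
        # ip_hash: requests are assigned by a hash of the client IP, so each
        # visitor keeps hitting the same backend, which can solve session issues.
        #ip_hash;
        # NOTE(review): traffic to these backends is plain HTTP, so TLS ends at
        # this proxy; confirm the backend network segment is trusted.
        server 172.17.32.99:8085;
        server 172.17.32.100:8085;
    }

    # Plain-HTTP virtual host.
    server {
        listen       80;
        server_name  carina.xxx.mz;

        #charset koi8-r;

        #access_log  logs/host.access.log  main;

        location /carina/trade {
            keepalive_timeout  65;
            client_max_body_size 4M;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            # $proxy_add_x_forwarded_for appends $remote_addr to whatever
            # X-Forwarded-For value the client sent, so the backend must not
            # treat the left-most entry as authoritative.
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_pass  http://site;
        }

        #error_page  404              /404.html;

        # redirect server error pages to the static page /50x.html
        #
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }
    }

    # HTTPS virtual host (a different domain from the HTTP one above).
    server {
        # "listen ... ssl" already enables TLS on this socket. The separate
        # "ssl on;" directive was deprecated and later removed from nginx,
        # so it is dropped here.
        listen       443 ssl;
        server_name  api.carina.xxx.com;
        keepalive_timeout   90;

        # Keep the private key readable only by the account that starts nginx.
        ssl_certificate      meu256.crt;
        ssl_certificate_key  meu256.key;

        # Type and size of the SSL/TLS session cache. When set, it is normally
        # "shared"; "builtin" may cause memory fragmentation. The default is
        # "none", which is close to "off" (no caching). shared:SSL:10m means all
        # worker processes share one cache; the official docs say 1 MB holds
        # about 4000 sessions.
        ssl_session_cache    shared:SSL:200m;

        # How long a client may reuse cached session parameters. The default of
        # 5 minutes is short for an intranet system; 30m or even 4h can be used.
        ssl_session_timeout  30m;

        # Enabled protocol versions. TLSv1 and TLSv1.1 are deprecated (RFC 8996)
        # and SSLv3 is broken, so only TLSv1.2 is offered here (it needs
        # OpenSSL >= 1.0.1). TLSv1.3 can be appended when the nginx build and
        # its OpenSSL library support it.
        ssl_protocols  TLSv1.2;

        # Same suites as before, minus the two RC4 suites (RC4 is prohibited in
        # TLS by RFC 7465), with the forward-secret ECDHE suites listed first.
        # The original list ended in "!PKS", which is not an OpenSSL keyword;
        # "!PSK" is presumably what was meant.
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!RC4:!MD5:!DSS:!PSK;

        # During negotiation, prefer the server's cipher order over the client's.
        ssl_prefer_server_ciphers  on;

        location /carina/credit {
            keepalive_timeout  65;
            client_max_body_size 4M;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            # See the note on X-Forwarded-For in the HTTP server block: the
            # client-supplied part of this header is untrusted.
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_pass http://site;
        }

        #error_page  404              /404.html;

        # redirect server error pages to the static page /50x.html
        #
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }
    }

    include vhosts/*.com;
    include vhosts/*.conf;
    include vhosts/*.cn;

    # Refuse requests whose Host header is empty or matches no server_name.
    # "default_server" is the current spelling of the legacy "default" flag.
    # NOTE(review): this catch-all covers port 80 only. Unless a file under
    # vhosts/ declares one, the api.carina.xxx.com block is the implicit
    # default for port 443 and answers any Host value sent there.
    server {
        listen 80 default_server;
        return 403;
    }
}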
