Nginx常用配置

http转https

server {
    listen 80;
    server_name axisk.cn,api.axisk.cn;
    rewrite ^(.*)$ https://${server_name}$1 permanent;
}

443证书配置

	server {
        listen       443 ssl;
        server_name  api.axisk.cn;
        ssl_certificate     crt/axisk.cn.pem;
        ssl_certificate_key crt/axisk.cn.key;

        ssl_session_cache    shared:SSL:5m;
        ssl_session_timeout  25m;

        ssl_ciphers  HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers  on;
        location / {
       		proxy_pass http://192.168.0.2:8080/;
        }
}

静态目录配置

server {
    listen       80;         #监听的端口
    server_name  axisk.cn;    #监听的URL
    location / {
        root /usr/local/project/;             #项目路径
        index /index.html;
         #匹配不到任何静态资源,跳到同一个index.htmli
        try_files $uri $uri/ /index.html;       
        add_header Cache-Control no-store; #禁用缓存
    }
}

server {
    listen       80;         #监听的端口
    server_name  axisk.cn;    #监听的URL
    location / {
        alias  /usr/local/project/;             #别名模式
        index /index.html;
         #匹配不到任何静态资源,跳到同一个index.htmli
        try_files $uri $uri/ /index.html;       
        add_header Cache-Control no-store; #禁用缓存
    }
}

跨域配置

add_header Access-Control-Allow-Origin '*';
add_header Access-Control-Allow-Headers '*';
add_header Access-Control-Allow-Methods 'GET,POST,OPTIONS';

if ($request_method = 'OPTIONS') {
    return 204;
}

请求头代理转发

	proxy_set_header Host $host; 
    proxy_set_header X-Real-IP $remote_addr; 
	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	#代理版本
	proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
	#超时时间
    proxy_connect_timeout 30s;
    proxy_next_upstream_timeout 30s;
    proxy_next_upstream_tries 1;

conf引用文件

 默认conf为根目录
 include sty/****.conf;

你可能感兴趣的:(nginx,ssl,https)