.....

user nobody;

worker_processes 8;

error_log /opt/logs/nginx/nginx_error.log crit;

pid /usr/local/nginx/nginx.pid;

#Specifies the value for maximum file descriptors that can be opened by this process.
worker_rlimit_nofile 51200;

events
{
use epoll;
worker_connections 51200;
}

http
{
include mime.types;
default_type application/octet-stream;

# charset gb2312;

server_names_hash_bucket_size 128;
sendfile on;
tcp_nopush on;
keepalive_timeout 120;
tcp_nodelay on;
output_buffers 4 32k;
postpone_output 1460;
client_header_buffer_size 128k;
large_client_header_buffers 4 256k;

proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
client_max_body_size 50m;
client_body_buffer_size 256k;
proxy_connect_timeout 30;
proxy_send_timeout 30;
proxy_read_timeout 60;
#load css js
#proxy_buffer_size 4k;
#proxy_buffers 4 32k;
#proxy_busy_buffers_size 64k;
proxy_buffer_size 128k;
proxy_buffers 32 128k;
proxy_busy_buffers_size 128k;
proxy_temp_file_write_size 128k;

proxy_next_upstream error timeout invalid_header http_500 http_503 http_404;
proxy_max_temp_file_size 128m;
proxy_store on;
proxy_store_access user:rw group:rw all:r;

gzip on;
gzip_min_length 1k;
gzip_buffers 4 16k;
gzip_http_version 1.0;
gzip_comp_level 2;
gzip_types text/plain application/x-javascript text/css application/xml;
gzip_vary on;

#limit_zone crawler $binary_remote_addr 10m;

log_format access '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" $http_x_forwarded_for';

###配置负载方式###
upstream test123 {
server 10.10.1.201:7878;
}

upstream crmtest123 {
server 10.10.1.201:8090;
}

###配置站点###

server {
listen 80 default;
server_name www.test123.cn
;

set $tag "0";
if ( $host !~ ^www.test123.cn$ ){
set $tag "$tag,1";
}
if ( $host !~ ^test123.cn$ ){
set $tag "$tag,2";
}
if ( $tag ~ ^0,1,2$ ){
return 403;
}

location / {
proxy_pass http://test123;
index index.html;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto http;
proxy_send_timeout 6000;

# rewrite ^/webPage/?$ / permannet;
# rewrite ^/webPage/(*)$/(.*)$ /$1/$2 ;
# rewrite ^/webPage/([0-9a-z]+)/(.*)$ /$1/$2 ;

}

location ~* /*Register.html {
rewrite ^(.*) https://$host$1 permanent;
}
location ~* /*RegisterNext.html {
rewrite ^(.*) https://$host$1 permanent;
}
location ~* /*RegisterLast.html {
rewrite ^(.*) https://$host$1 permanent;
}
location ~* /*login.html {
rewrite ^(.*) https://$host$1 permanent;
}
location ~* /*acc_zhcz.html {
rewrite ^(.*) https://$host$1 permanent;
}
location ~* /*acc_zhtx.html {
rewrite ^(.*) https://$host$1 permanent;
}
location ~* /*wytz_tb.html {
rewrite ^(.*) https://$host$1 permanent;
}

location ~* /*/ssl/frame_top_new.jsp {
rewrite ^(.*) https://$host$1 permanent;
}
location ~* /*/ssl/frame_bottom_new.jsp {
rewrite ^(.*) https://$host$1 permanent;
}
location ~* /*/ssl/xx.jsp {
rewrite ^(.*) https://$host$1 permanent;
}
location ~* /*/manage/code.jsp {
rewrite ^(.*) https://$host$1 permanent;
}
location ~* /*/webPage/registerOffLine/*.* {
rewrite ^(.*) https://$host$1 permanent;
}

# location ~* \.(js|css|do|gif|jpg|jpeg|png|bmp|ico|rar|zip|wma|flv|swf)$ {
# expires 1h;
# rewrite ^(.*) https://$host$1 permanent;
# }

access_log /opt/logs/nginx/www.test123-access.log access;
}
server {
listen 443;
server_name www.test123.cn ;

ssl on;
ssl_certificate /usr/local/nginx/ssl/www.test123.crt;
ssl_certificate_key /usr/local/nginx/ssl/www.test123.key;
ssl_session_timeout 5m;
ssl_protocols SSLv2 SSLv3 TLSv1;
ssl_session_cache shared:SSL:10m;
location / {
rewrite ^(.*) http://www.test123.cn$1 permanent;
}

location ~* /*Register.html {
proxy_pass http://test123;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto https;
proxy_redirect off;
proxy_connect_timeout 240;
proxy_send_timeout 240;
proxy_read_timeout 240;

}
location ~* /*RegisterNext.html {
proxy_pass http://test123;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto https;
proxy_redirect off;
proxy_connect_timeout 240;
proxy_send_timeout 240;
proxy_read_timeout 240;

}
location ~* /*RegisterLast.html {
proxy_pass http://test123;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto https;
proxy_redirect off;
proxy_connect_timeout 240;
proxy_send_timeout 240;
proxy_read_timeout 240;

}
location ~* /*login.html {
proxy_pass http://test123;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto https;
proxy_redirect off;
proxy_connect_timeout 240;
proxy_send_timeout 240;
proxy_read_timeout 240;

}
location ~* /*acc_zhcz.html {
proxy_pass http://test123;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto https;
proxy_redirect off;
proxy_connect_timeout 240;
proxy_send_timeout 240;
proxy_read_timeout 240;

}
location ~* /*acc_zhtx.html {
proxy_pass http://test123;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto https;
proxy_redirect off;
proxy_connect_timeout 240;
proxy_send_timeout 240;
proxy_read_timeout 240;

}

location ~* /*wytz_tb.html {
proxy_pass http://test123;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto https;
proxy_redirect off;
proxy_connect_timeout 240;
proxy_send_timeout 240;
proxy_read_timeout 240;

}
location ~* /*frame_top_new.jsp {
proxy_pass http://test123;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto https;
proxy_redirect off;
proxy_connect_timeout 240;
proxy_send_timeout 240;
proxy_read_timeout 240;

}

location ~* /*frame_bottom_new.jsp {
proxy_pass http://test123;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto https;
proxy_redirect off;
proxy_connect_timeout 240;
proxy_send_timeout 240;
proxy_read_timeout 240;

}

location ~* /*xx.jsp {
proxy_pass http://test123;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto https;
proxy_redirect off;
proxy_connect_timeout 240;
proxy_send_timeout 240;
proxy_read_timeout 240;

}
location ~* /*/manage/code.jsp {
proxy_pass http://test123;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto https;
proxy_redirect off;
proxy_connect_timeout 240;
proxy_send_timeout 240;
proxy_read_timeout 240;

}

location ~* /*/webPage/registerOffLine/*.* {
proxy_pass http://test123;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto https;
proxy_redirect off;
proxy_connect_timeout 240;
proxy_send_timeout 240;
proxy_read_timeout 240;

}

location ~* \.(js|css|do|gif|jpg|jpeg|png|bmp|ico|rar|zip|wma|flv|swf)$ {
proxy_pass http://test123;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto https;
proxy_redirect off;
proxy_connect_timeout 240;
proxy_send_timeout 240;
proxy_read_timeout 240;

}

access_log /opt/logs/nginx/https.www.test123-access.log access;

}

server {
listen 80;
server_name test123.cn;
location / {
rewrite ^(.*) http://www.test123.cn$1 permanent;
}

}
server {
listen 80;
server_name crm.test123.cn;

location / {
proxy_pass http://crmtest123;
index index.html;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto http;
proxy_send_timeout 6000;
}
access_log /opt/logs/nginx/crm.test123-access.log access;
}

server {
listen 84;
server_name localhost;
location / {
stub_status on;
access_log off;
}

}

}

ssl,proxy;部分http部分https;80,443,8080;nginx+tomcat;的更多相关文章

  1. windows环境pip安装时一直报错Could not fetch URL https://pypi.org/simple/xrld/: There was a problem confirming the ssl certificate: HTTPSConnectionPool(host='pypi.org', port=443): Max retries exceeded with url:

    最近项目不忙了~~有开始专研的python大业,上来想用pip安装一个第三方的库,就一直报错: Could not fetch URL https://pypi.org/simple/xrld/: T ...

  2. charles 之 ssl proxy 设置(https抓包)

    PC端设置 1.启动Charles软件,在菜单中找到 Help -> SSL Proxying ->Install Charles Root Certificate. 2.菜单中找到 pr ...

  3. 阿里云slb和ucloud负载均衡ulb添加ssl证书将http服务https化的配置详解

    阿里云和ucloud服务器配置ssl证书将http服务https化的配置详解 项目背景: 苹果App于2017年1月1日将启用App Transport Security安全功能,即强制App通过HT ...

  4. 企业网站的SSL签证生产测试以及https配置方法

    这一次要做企业网站怎么获得安全的数字证书,没有数字证书的话,在浏览器访问网站的时候会跳出不安全界面,而且钓鱼网站也会让用户进去个假网站,一般企业可以去阿里云去买数字证书,买好之后浏览器便会加载这个数字 ...

  5. 双网卡+mitmproxy+iptables搭建SSL中间人(支持非HTTPS协议)

    "想要解决一个问题,最根本方法的就是了解这一切是如何工作的,而不是玄学." --ASCII0X03 最近学习发现现在很多现成的安卓SSL中间人工具和教程都只针对HTTPS流量,比如 ...

  6. Unknown SSL protocol error in connection to xxx:443

    使用git从远程下载时,出现Unknown SSL protocol error in connection to xxx:443 错误. 很有可能是被墙在了外面,这里针对墙在外面的情况. 设置代理服 ...

  7. 没有部署ingress pod的woker节点telnet slb的80 443端口不通

    一,问题描述 没有部署ingress pod的woker节点telnet slb的80 443端口不通 二,解决办法 方法一:改用svc地址调用 方法二:让每台woker节点都部署ingress po ...

  8. SVN 错误:Error validating server certificate for 'https://xxxxxxx':443... Mac os svn客户端证书验证缓存 解决

    mac上的SVN今天突然间 不好使了 在进行SVN操作是报出警告信息 Error validating server certificate for 'https://xxxxxxx':443 - T ...

  9. 沃通SSL精灵,让站点HTTPS永只是期

    告别HTTP明文"裸奔"时代 百度.阿里巴巴.必应等越来越多的互联网巨头相继启用全站HTTPS加密,保护用户数据和隐私安全.逐步告别HTTP明文"裸奔"时代. ...

随机推荐

  1. 【公众号转载】MyBatis拦截器原理探究

    MyBatis拦截器介绍 MyBatis提供了一种插件(plugin)的功能,虽然叫做插件,但其实这是拦截器功能.那么拦截器拦截MyBatis中的哪些内容呢? 我们进入官网看一看: MyBatis 允 ...

  2. 【Linux】 源码安装make命令详解,避免踩坑

    正常的编译安装/卸载: 源码的安装一般由3个步骤组成:配置(configure).编译(make).安装(make install).   configure文件是一个可执行的脚本文件,它有很多选项, ...

  3. 微信小程序 发现之旅(三)—— 组件之间的参数传递

    一.URL 传参 当使用 navigateTo() 方法跳转页面的时候,可以在 url 后面接 query 参数 然后在 Page 页面的生命周期函数 onLoad 中可以接收到这些参数 这种方式只能 ...

  4. 【代码笔记】iOS-自定义loading(IanAlert)

    一,效果图. 二,工程图. 三,代码. ViewController.h #import <UIKit/UIKit.h> @interface ViewController : UIVie ...

  5. mysql数据库操作指令

    数据库相关 查询所有数据库 show databases; 创建数据库 create database 数据库名: 创建数据库指定字符集 create database 数据库名 character ...

  6. JS--我发现,原来你是这样的JS(三)(基础概念--灵魂篇)

    一.介绍 这是红宝书(JavaScript高级程序设计 3版)的读书笔记第三篇(灵魂篇介绍),有着剩下的第三章的知识内容. 红宝书这本书可以说是难啃的,要看完不容易,挺厚的,要看懂更不容易,要熟练js ...

  7. 如何使用活字格快速搭建Bug管理系统?

    Bug管理系统是指一种用于添加Bug.修复Bug.测试Bug.删除Bug的一套完整的Bug管理系统. 完整的Bug管理过程包含: 1.测试人员利用Bug管理系统提交发现的bug. 2.测试人员把bug ...

  8. Java Web工程搭建方法

    搭建一个简单的Web工程主要是以下几步: 一.下载所需工具 ①java   ②eclipse  ③tomcat 注意:java与eclipse版本不匹配(32位或者64位),会导致eclipse启动时 ...

  9. Android--动态改变ImageView的亮度

    //改变图片的亮度方法 0--原样 >0---调亮 <0---调暗 private void changeLight(ImageView imageView, int brightness ...

  10. [Android] TableLayout

    public class TableLayout extends LinearLayout 查过文档,整理下要点: 一个 TableLayout 包含一些 TableRow 对象,每个对象代表一行.除 ...