.....

user nobody;

worker_processes 8;

error_log /opt/logs/nginx/nginx_error.log crit;

pid /usr/local/nginx/nginx.pid;

#Specifies the value for maximum file descriptors that can be opened by this process.
worker_rlimit_nofile 51200;

events
{
use epoll;
worker_connections 51200;
}

http
{
include mime.types;
default_type application/octet-stream;

# charset gb2312;

server_names_hash_bucket_size 128;
sendfile on;
tcp_nopush on;
keepalive_timeout 120;
tcp_nodelay on;
output_buffers 4 32k;
postpone_output 1460;
client_header_buffer_size 128k;
large_client_header_buffers 4 256k;

proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
client_max_body_size 50m;
client_body_buffer_size 256k;
proxy_connect_timeout 30;
proxy_send_timeout 30;
proxy_read_timeout 60;
#load css js
#proxy_buffer_size 4k;
#proxy_buffers 4 32k;
#proxy_busy_buffers_size 64k;
proxy_buffer_size 128k;
proxy_buffers 32 128k;
proxy_busy_buffers_size 128k;
proxy_temp_file_write_size 128k;

proxy_next_upstream error timeout invalid_header http_500 http_503 http_404;
proxy_max_temp_file_size 128m;
proxy_store on;
proxy_store_access user:rw group:rw all:r;

gzip on;
gzip_min_length 1k;
gzip_buffers 4 16k;
gzip_http_version 1.0;
gzip_comp_level 2;
gzip_types text/plain application/x-javascript text/css application/xml;
gzip_vary on;

#limit_zone crawler $binary_remote_addr 10m;

log_format access '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" $http_x_forwarded_for';

###配置负载方式###
upstream test123 {
server 10.10.1.201:7878;
}

upstream crmtest123 {
server 10.10.1.201:8090;
}

###配置站点###

server {
listen 80 default;
server_name www.test123.cn
;

set $tag "0";
if ( $host !~ ^www.test123.cn$ ){
set $tag "$tag,1";
}
if ( $host !~ ^test123.cn$ ){
set $tag "$tag,2";
}
if ( $tag ~ ^0,1,2$ ){
return 403;
}

location / {
proxy_pass http://test123;
index index.html;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto http;
proxy_send_timeout 6000;

# rewrite ^/webPage/?$ / permannet;
# rewrite ^/webPage/(*)$/(.*)$ /$1/$2 ;
# rewrite ^/webPage/([0-9a-z]+)/(.*)$ /$1/$2 ;

}

location ~* /*Register.html {
rewrite ^(.*) https://$host$1 permanent;
}
location ~* /*RegisterNext.html {
rewrite ^(.*) https://$host$1 permanent;
}
location ~* /*RegisterLast.html {
rewrite ^(.*) https://$host$1 permanent;
}
location ~* /*login.html {
rewrite ^(.*) https://$host$1 permanent;
}
location ~* /*acc_zhcz.html {
rewrite ^(.*) https://$host$1 permanent;
}
location ~* /*acc_zhtx.html {
rewrite ^(.*) https://$host$1 permanent;
}
location ~* /*wytz_tb.html {
rewrite ^(.*) https://$host$1 permanent;
}

location ~* /*/ssl/frame_top_new.jsp {
rewrite ^(.*) https://$host$1 permanent;
}
location ~* /*/ssl/frame_bottom_new.jsp {
rewrite ^(.*) https://$host$1 permanent;
}
location ~* /*/ssl/xx.jsp {
rewrite ^(.*) https://$host$1 permanent;
}
location ~* /*/manage/code.jsp {
rewrite ^(.*) https://$host$1 permanent;
}
location ~* /*/webPage/registerOffLine/*.* {
rewrite ^(.*) https://$host$1 permanent;
}

# location ~* \.(js|css|do|gif|jpg|jpeg|png|bmp|ico|rar|zip|wma|flv|swf)$ {
# expires 1h;
# rewrite ^(.*) https://$host$1 permanent;
# }

access_log /opt/logs/nginx/www.test123-access.log access;
}
server {
listen 443;
server_name www.test123.cn ;

ssl on;
ssl_certificate /usr/local/nginx/ssl/www.test123.crt;
ssl_certificate_key /usr/local/nginx/ssl/www.test123.key;
ssl_session_timeout 5m;
ssl_protocols SSLv2 SSLv3 TLSv1;
ssl_session_cache shared:SSL:10m;
location / {
rewrite ^(.*) http://www.test123.cn$1 permanent;
}

location ~* /*Register.html {
proxy_pass http://test123;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto https;
proxy_redirect off;
proxy_connect_timeout 240;
proxy_send_timeout 240;
proxy_read_timeout 240;

}
location ~* /*RegisterNext.html {
proxy_pass http://test123;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto https;
proxy_redirect off;
proxy_connect_timeout 240;
proxy_send_timeout 240;
proxy_read_timeout 240;

}
location ~* /*RegisterLast.html {
proxy_pass http://test123;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto https;
proxy_redirect off;
proxy_connect_timeout 240;
proxy_send_timeout 240;
proxy_read_timeout 240;

}
location ~* /*login.html {
proxy_pass http://test123;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto https;
proxy_redirect off;
proxy_connect_timeout 240;
proxy_send_timeout 240;
proxy_read_timeout 240;

}
location ~* /*acc_zhcz.html {
proxy_pass http://test123;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto https;
proxy_redirect off;
proxy_connect_timeout 240;
proxy_send_timeout 240;
proxy_read_timeout 240;

}
location ~* /*acc_zhtx.html {
proxy_pass http://test123;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto https;
proxy_redirect off;
proxy_connect_timeout 240;
proxy_send_timeout 240;
proxy_read_timeout 240;

}

location ~* /*wytz_tb.html {
proxy_pass http://test123;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto https;
proxy_redirect off;
proxy_connect_timeout 240;
proxy_send_timeout 240;
proxy_read_timeout 240;

}
location ~* /*frame_top_new.jsp {
proxy_pass http://test123;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto https;
proxy_redirect off;
proxy_connect_timeout 240;
proxy_send_timeout 240;
proxy_read_timeout 240;

}

location ~* /*frame_bottom_new.jsp {
proxy_pass http://test123;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto https;
proxy_redirect off;
proxy_connect_timeout 240;
proxy_send_timeout 240;
proxy_read_timeout 240;

}

location ~* /*xx.jsp {
proxy_pass http://test123;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto https;
proxy_redirect off;
proxy_connect_timeout 240;
proxy_send_timeout 240;
proxy_read_timeout 240;

}
location ~* /*/manage/code.jsp {
proxy_pass http://test123;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto https;
proxy_redirect off;
proxy_connect_timeout 240;
proxy_send_timeout 240;
proxy_read_timeout 240;

}

location ~* /*/webPage/registerOffLine/*.* {
proxy_pass http://test123;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto https;
proxy_redirect off;
proxy_connect_timeout 240;
proxy_send_timeout 240;
proxy_read_timeout 240;

}

location ~* \.(js|css|do|gif|jpg|jpeg|png|bmp|ico|rar|zip|wma|flv|swf)$ {
proxy_pass http://test123;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto https;
proxy_redirect off;
proxy_connect_timeout 240;
proxy_send_timeout 240;
proxy_read_timeout 240;

}

access_log /opt/logs/nginx/https.www.test123-access.log access;

}

server {
listen 80;
server_name test123.cn;
location / {
rewrite ^(.*) http://www.test123.cn$1 permanent;
}

}
server {
listen 80;
server_name crm.test123.cn;

location / {
proxy_pass http://crmtest123;
index index.html;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto http;
proxy_send_timeout 6000;
}
access_log /opt/logs/nginx/crm.test123-access.log access;
}

server {
listen 84;
server_name localhost;
location / {
stub_status on;
access_log off;
}

}

}

ssl,proxy;部分http部分https;80,443,8080;nginx+tomcat;的更多相关文章

  1. windows环境pip安装时一直报错Could not fetch URL https://pypi.org/simple/xrld/: There was a problem confirming the ssl certificate: HTTPSConnectionPool(host='pypi.org', port=443): Max retries exceeded with url:

    最近项目不忙了~~有开始专研的python大业,上来想用pip安装一个第三方的库,就一直报错: Could not fetch URL https://pypi.org/simple/xrld/: T ...

  2. charles 之 ssl proxy 设置(https抓包)

    PC端设置 1.启动Charles软件,在菜单中找到 Help -> SSL Proxying ->Install Charles Root Certificate. 2.菜单中找到 pr ...

  3. 阿里云slb和ucloud负载均衡ulb添加ssl证书将http服务https化的配置详解

    阿里云和ucloud服务器配置ssl证书将http服务https化的配置详解 项目背景: 苹果App于2017年1月1日将启用App Transport Security安全功能,即强制App通过HT ...

  4. 企业网站的SSL签证生产测试以及https配置方法

    这一次要做企业网站怎么获得安全的数字证书,没有数字证书的话,在浏览器访问网站的时候会跳出不安全界面,而且钓鱼网站也会让用户进去个假网站,一般企业可以去阿里云去买数字证书,买好之后浏览器便会加载这个数字 ...

  5. 双网卡+mitmproxy+iptables搭建SSL中间人(支持非HTTPS协议)

    "想要解决一个问题,最根本方法的就是了解这一切是如何工作的,而不是玄学." --ASCII0X03 最近学习发现现在很多现成的安卓SSL中间人工具和教程都只针对HTTPS流量,比如 ...

  6. Unknown SSL protocol error in connection to xxx:443

    使用git从远程下载时,出现Unknown SSL protocol error in connection to xxx:443 错误. 很有可能是被墙在了外面,这里针对墙在外面的情况. 设置代理服 ...

  7. 没有部署ingress pod的woker节点telnet slb的80 443端口不通

    一,问题描述 没有部署ingress pod的woker节点telnet slb的80 443端口不通 二,解决办法 方法一:改用svc地址调用 方法二:让每台woker节点都部署ingress po ...

  8. SVN 错误:Error validating server certificate for 'https://xxxxxxx':443... Mac os svn客户端证书验证缓存 解决

    mac上的SVN今天突然间 不好使了 在进行SVN操作是报出警告信息 Error validating server certificate for 'https://xxxxxxx':443 - T ...

  9. 沃通SSL精灵,让站点HTTPS永只是期

    告别HTTP明文"裸奔"时代 百度.阿里巴巴.必应等越来越多的互联网巨头相继启用全站HTTPS加密,保护用户数据和隐私安全.逐步告别HTTP明文"裸奔"时代. ...

随机推荐

  1. Redis——非阻塞IO和队列

    Redis是个高并发的中间件,但是确实是单线程.而且,Nginx.Node.js等也是单线程的.Redis通过非阻塞IO(IO多路复用)处理那么多的并发客户端连接,并且,由于Redis所有的数据都在内 ...

  2. Nett的Http表头赋值

    DefaultFullHttpResponse response = new DefaultFullHttpResponse(HttpVersion.HTTP_1_1, HttpResponseSta ...

  3. servlet 中处理 json 请求,并访问 service 类,返回处理结果

    前言:jar 包中的 servlet 必须可以处理前端发出的 ajax 请求,接收参数,并返回结果. github地址:yuleGH github 这里有个约定,url 地址是 .json 结尾的,如 ...

  4. java设计模式-----23、命令模式

    概念: Command模式也叫命令模式 ,是行为设计模式的一种.Command模式通过被称为Command的类封装了对目标对象的调用行为以及调用参数. 命令模式(Command Pattern)是一种 ...

  5. (二)windows上使用docker

    参考文献: 1.下载CentOS7镜像 Docker中使用CentOS7镜像 2.使用docker 在Windows里使用Docker 3.使用docker docker学习笔记(windows/ce ...

  6. CSS应用的小问题总结

    1.两个元素换行书写时,在实际的布局中展示为两个元素之间多了一个区间(这个区间通常是因为代码在换行时,解析会自动默认为一个空格字符),所以在实际应用时,如果想要将两个元素完全无缝隙的放置在一起并排显示 ...

  7. 使用PeopleSoft 异步操作设置步骤

    在手机端调PS接口或同步数据到中间库等程序中经常用到异步操作. 在主菜单>PeopleTools>集成代理程序>集成设置中添加了服务和服务操作后需要设置以下3步才能完成异步程序: 1 ...

  8. loadrunner 脚本开发- web_url函数详解

    脚本开发- web_url函数详解 by:授客 QQ:1033553122   加载指定url的web页面(GET请求) C语言函数 int web_url( const char *StepName ...

  9. Android 经典欧美小游戏 guess who

    本来是要做iOS开发的,因为一些世事无常和机缘巧合与测试工作还有安卓系统结下了不解之缘,前不久找到了guess who 源码,又加入了一些自己的元素最终完成了这个简单的小游戏. <?xml ve ...

  10. mysql面试题目

    昨天晚上无意中翻译到baidu的 dba(mysql,redis) 面试题,阅读了一下,发现没有一个自己能完美解释的.这确实是温床导致的思维懒惰. 具体几个问题如下: 1:MySQL InnoDB存储 ...