.....

user nobody;

worker_processes 8;

error_log /opt/logs/nginx/nginx_error.log crit;

pid /usr/local/nginx/nginx.pid;

#Specifies the value for maximum file descriptors that can be opened by this process.
worker_rlimit_nofile 51200;

events
{
use epoll;
worker_connections 51200;
}

http
{
include mime.types;
default_type application/octet-stream;

# charset gb2312;

server_names_hash_bucket_size 128;
sendfile on;
tcp_nopush on;
keepalive_timeout 120;
tcp_nodelay on;
output_buffers 4 32k;
postpone_output 1460;
client_header_buffer_size 128k;
large_client_header_buffers 4 256k;

proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
client_max_body_size 50m;
client_body_buffer_size 256k;
proxy_connect_timeout 30;
proxy_send_timeout 30;
proxy_read_timeout 60;
#load css js
#proxy_buffer_size 4k;
#proxy_buffers 4 32k;
#proxy_busy_buffers_size 64k;
proxy_buffer_size 128k;
proxy_buffers 32 128k;
proxy_busy_buffers_size 128k;
proxy_temp_file_write_size 128k;

proxy_next_upstream error timeout invalid_header http_500 http_503 http_404;
proxy_max_temp_file_size 128m;
proxy_store on;
proxy_store_access user:rw group:rw all:r;

gzip on;
gzip_min_length 1k;
gzip_buffers 4 16k;
gzip_http_version 1.0;
gzip_comp_level 2;
gzip_types text/plain application/x-javascript text/css application/xml;
gzip_vary on;

#limit_zone crawler $binary_remote_addr 10m;

log_format access '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" $http_x_forwarded_for';

###配置负载方式###
upstream test123 {
server 10.10.1.201:7878;
}

upstream crmtest123 {
server 10.10.1.201:8090;
}

###配置站点###

server {
listen 80 default;
server_name www.test123.cn
;

set $tag "0";
if ( $host !~ ^www.test123.cn$ ){
set $tag "$tag,1";
}
if ( $host !~ ^test123.cn$ ){
set $tag "$tag,2";
}
if ( $tag ~ ^0,1,2$ ){
return 403;
}

location / {
proxy_pass http://test123;
index index.html;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto http;
proxy_send_timeout 6000;

# rewrite ^/webPage/?$ / permannet;
# rewrite ^/webPage/(*)$/(.*)$ /$1/$2 ;
# rewrite ^/webPage/([0-9a-z]+)/(.*)$ /$1/$2 ;

}

location ~* /*Register.html {
rewrite ^(.*) https://$host$1 permanent;
}
location ~* /*RegisterNext.html {
rewrite ^(.*) https://$host$1 permanent;
}
location ~* /*RegisterLast.html {
rewrite ^(.*) https://$host$1 permanent;
}
location ~* /*login.html {
rewrite ^(.*) https://$host$1 permanent;
}
location ~* /*acc_zhcz.html {
rewrite ^(.*) https://$host$1 permanent;
}
location ~* /*acc_zhtx.html {
rewrite ^(.*) https://$host$1 permanent;
}
location ~* /*wytz_tb.html {
rewrite ^(.*) https://$host$1 permanent;
}

location ~* /*/ssl/frame_top_new.jsp {
rewrite ^(.*) https://$host$1 permanent;
}
location ~* /*/ssl/frame_bottom_new.jsp {
rewrite ^(.*) https://$host$1 permanent;
}
location ~* /*/ssl/xx.jsp {
rewrite ^(.*) https://$host$1 permanent;
}
location ~* /*/manage/code.jsp {
rewrite ^(.*) https://$host$1 permanent;
}
location ~* /*/webPage/registerOffLine/*.* {
rewrite ^(.*) https://$host$1 permanent;
}

# location ~* \.(js|css|do|gif|jpg|jpeg|png|bmp|ico|rar|zip|wma|flv|swf)$ {
# expires 1h;
# rewrite ^(.*) https://$host$1 permanent;
# }

access_log /opt/logs/nginx/www.test123-access.log access;
}
server {
listen 443;
server_name www.test123.cn ;

ssl on;
ssl_certificate /usr/local/nginx/ssl/www.test123.crt;
ssl_certificate_key /usr/local/nginx/ssl/www.test123.key;
ssl_session_timeout 5m;
ssl_protocols SSLv2 SSLv3 TLSv1;
ssl_session_cache shared:SSL:10m;
location / {
rewrite ^(.*) http://www.test123.cn$1 permanent;
}

location ~* /*Register.html {
proxy_pass http://test123;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto https;
proxy_redirect off;
proxy_connect_timeout 240;
proxy_send_timeout 240;
proxy_read_timeout 240;

}
location ~* /*RegisterNext.html {
proxy_pass http://test123;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto https;
proxy_redirect off;
proxy_connect_timeout 240;
proxy_send_timeout 240;
proxy_read_timeout 240;

}
location ~* /*RegisterLast.html {
proxy_pass http://test123;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto https;
proxy_redirect off;
proxy_connect_timeout 240;
proxy_send_timeout 240;
proxy_read_timeout 240;

}
location ~* /*login.html {
proxy_pass http://test123;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto https;
proxy_redirect off;
proxy_connect_timeout 240;
proxy_send_timeout 240;
proxy_read_timeout 240;

}
location ~* /*acc_zhcz.html {
proxy_pass http://test123;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto https;
proxy_redirect off;
proxy_connect_timeout 240;
proxy_send_timeout 240;
proxy_read_timeout 240;

}
location ~* /*acc_zhtx.html {
proxy_pass http://test123;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto https;
proxy_redirect off;
proxy_connect_timeout 240;
proxy_send_timeout 240;
proxy_read_timeout 240;

}

location ~* /*wytz_tb.html {
proxy_pass http://test123;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto https;
proxy_redirect off;
proxy_connect_timeout 240;
proxy_send_timeout 240;
proxy_read_timeout 240;

}
location ~* /*frame_top_new.jsp {
proxy_pass http://test123;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto https;
proxy_redirect off;
proxy_connect_timeout 240;
proxy_send_timeout 240;
proxy_read_timeout 240;

}

location ~* /*frame_bottom_new.jsp {
proxy_pass http://test123;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto https;
proxy_redirect off;
proxy_connect_timeout 240;
proxy_send_timeout 240;
proxy_read_timeout 240;

}

location ~* /*xx.jsp {
proxy_pass http://test123;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto https;
proxy_redirect off;
proxy_connect_timeout 240;
proxy_send_timeout 240;
proxy_read_timeout 240;

}
location ~* /*/manage/code.jsp {
proxy_pass http://test123;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto https;
proxy_redirect off;
proxy_connect_timeout 240;
proxy_send_timeout 240;
proxy_read_timeout 240;

}

location ~* /*/webPage/registerOffLine/*.* {
proxy_pass http://test123;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto https;
proxy_redirect off;
proxy_connect_timeout 240;
proxy_send_timeout 240;
proxy_read_timeout 240;

}

location ~* \.(js|css|do|gif|jpg|jpeg|png|bmp|ico|rar|zip|wma|flv|swf)$ {
proxy_pass http://test123;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto https;
proxy_redirect off;
proxy_connect_timeout 240;
proxy_send_timeout 240;
proxy_read_timeout 240;

}

access_log /opt/logs/nginx/https.www.test123-access.log access;

}

server {
listen 80;
server_name test123.cn;
location / {
rewrite ^(.*) http://www.test123.cn$1 permanent;
}

}
server {
listen 80;
server_name crm.test123.cn;

location / {
proxy_pass http://crmtest123;
index index.html;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto http;
proxy_send_timeout 6000;
}
access_log /opt/logs/nginx/crm.test123-access.log access;
}

server {
listen 84;
server_name localhost;
location / {
stub_status on;
access_log off;
}

}

}

ssl,proxy;部分http部分https;80,443,8080;nginx+tomcat;的更多相关文章

  1. windows环境pip安装时一直报错Could not fetch URL https://pypi.org/simple/xrld/: There was a problem confirming the ssl certificate: HTTPSConnectionPool(host='pypi.org', port=443): Max retries exceeded with url:

    最近项目不忙了~~有开始专研的python大业,上来想用pip安装一个第三方的库,就一直报错: Could not fetch URL https://pypi.org/simple/xrld/: T ...

  2. charles 之 ssl proxy 设置(https抓包)

    PC端设置 1.启动Charles软件,在菜单中找到 Help -> SSL Proxying ->Install Charles Root Certificate. 2.菜单中找到 pr ...

  3. 阿里云slb和ucloud负载均衡ulb添加ssl证书将http服务https化的配置详解

    阿里云和ucloud服务器配置ssl证书将http服务https化的配置详解 项目背景: 苹果App于2017年1月1日将启用App Transport Security安全功能,即强制App通过HT ...

  4. 企业网站的SSL签证生产测试以及https配置方法

    这一次要做企业网站怎么获得安全的数字证书,没有数字证书的话,在浏览器访问网站的时候会跳出不安全界面,而且钓鱼网站也会让用户进去个假网站,一般企业可以去阿里云去买数字证书,买好之后浏览器便会加载这个数字 ...

  5. 双网卡+mitmproxy+iptables搭建SSL中间人(支持非HTTPS协议)

    "想要解决一个问题,最根本方法的就是了解这一切是如何工作的,而不是玄学." --ASCII0X03 最近学习发现现在很多现成的安卓SSL中间人工具和教程都只针对HTTPS流量,比如 ...

  6. Unknown SSL protocol error in connection to xxx:443

    使用git从远程下载时,出现Unknown SSL protocol error in connection to xxx:443 错误. 很有可能是被墙在了外面,这里针对墙在外面的情况. 设置代理服 ...

  7. 没有部署ingress pod的woker节点telnet slb的80 443端口不通

    一,问题描述 没有部署ingress pod的woker节点telnet slb的80 443端口不通 二,解决办法 方法一:改用svc地址调用 方法二:让每台woker节点都部署ingress po ...

  8. SVN 错误:Error validating server certificate for 'https://xxxxxxx':443... Mac os svn客户端证书验证缓存 解决

    mac上的SVN今天突然间 不好使了 在进行SVN操作是报出警告信息 Error validating server certificate for 'https://xxxxxxx':443 - T ...

  9. 沃通SSL精灵,让站点HTTPS永只是期

    告别HTTP明文"裸奔"时代 百度.阿里巴巴.必应等越来越多的互联网巨头相继启用全站HTTPS加密,保护用户数据和隐私安全.逐步告别HTTP明文"裸奔"时代. ...

随机推荐

  1. 【Mysql】可视化工具

    一.navicat 破解方法:http://www.jianshu.com/p/b1f9194e1e31 二. MySQL Workbench(GUI TOOL)一款专为MySQL设计的ER/数据库建 ...

  2. 撩课-Web大前端每天5道面试题-Day29

    1.https协议的优点? 使用HTTPS协议可认证用户和服务器, 确保数据发送到正确的客户机和服务器: HTTPS协议是由SSL+HTTP协议构建的可进行加密传输. 身份认证的网络协议,要比http ...

  3. linux_shell_传递参数

    在执行shell脚本时可以传递参数: 脚本获取参数的格式为:$0  $1  $2 ...其中$1 为传递的第一个参数  而$0 接受的是./test.sh 这个东西 代码:例: #!/bin/bash ...

  4. Linux常用基本命令(chmod)

    chmod命令用来改变文件或者目录的权限,只有文件的属主和超级用户才能够执行这个命令 格式: chmod [option] [mode] [file] >常用参数选项 -R : 递归修改目录以及 ...

  5. CentOS7查看开放端口命令及开放端口号

    CentOS 7查看以开放端口命令:firewall-cmd —list-ports 查看端口是否开放命令:第一个方法就是使用lsof -i:端口号命令行,例如lsof -i:80.如果没有任何信息输 ...

  6. PHP-隐藏手机号中间四位

    substr_replace('手机号', '****', 3, 4);

  7. mongose + express 写REST API

    一.准备工具 先确保电脑已经安装好nodejs 1.mongoose:安装非常简单: npm install mongoose --save   [mongoose封装了mongodb的方法,调用mo ...

  8. 2016年CSDN十大博客之星评选,快来投票哈~

    11-28号开始投票,现在处于公示期.这是我的投票链接 : http://blog.csdn.net/vote/candidate.html?username=qq_25827845 重在参与,各位小 ...

  9. ActiveReports 报表中 RDF 文件解析

    AcitveReport 提供两种报表模板,XML(RPX)模板和Code-Based 模板.两者都可以用于设计报表. 但是 RDF 格式文件我们大多不是很了解.许多客户在提到 RDF 格式时显得无所 ...

  10. [Ubuntu] 14.04 外接显示器分辨率调整

    最近按照提示更新了一下系统,安装了100多M的更新包,结果系统又读不出外接显示器的信息了,开机显示vga-1:probed a monitor but no|invalid edid,我也不懂. 后来 ...