nginx反代及后端web配置

一、反代配置，proxy_pass指向的upstream需要在反代的nginx.conf中配置

server {
access_log /home/nginx/front_access.log;
error_log /home/nginx/front-errors.log;
ssl on;
ssl_certificate system/project/ssl/certificate.crt;
ssl_certificate_key system/project/ssl/private.key;
listen 443;
server_name ABC.com www.ABC.com;
location ~ .*\.(gif|jpg|png|htm|html|flv|ico|swf)(.*) {
proxy_pass https://baiduhttps;

proxy_redirect off;
proxy_set_header Host $host;
proxy_cache cache_one;
proxy_cache_valid 200 302 1h;
proxy_cache_valid 301 1d;
proxy_cache_valid any 1m;
expires 30d;
}

location / {
proxy_next_upstream off;
proxy_connect_timeout 50s;
proxy_send_timeout 50s;
proxy_read_timeout 50s;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass https://baiduhttps;
}
}

server {
access_log /home/nginx/front_access.log;
error_log /home/nginx/nuoya-errors99.log;

listen 443;
ssl on;
ssl_certificate system/project/ssl/certificate.crt;
ssl_certificate_key system/project/ssl/private.key;

ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_dhparam /etc/nginx/system/project/ssl/dhparam.pem;
add_header Strict-Transport-Security "max-age=80720000; preload";

server_name wap.ABC.com;
location ~ .*\.(gif|jpg|png|htm|html|flv|ico|swf)(.*) {
proxy_pass https://baiduwaps;
proxy_redirect off;
proxy_set_header Host $host;
proxy_cache cache_one;
proxy_cache_valid 200 302 1h;
proxy_cache_valid 301 1d;
proxy_cache_valid any 1m;
expires 30d;
}
location / {
proxy_next_upstream off;
proxy_connect_timeout 50s;
proxy_send_timeout 50s;
proxy_read_timeout 50s;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass https://baiduwaps;
}
}

二、后端web配置

server {
root /var/www/project/;
index index.php;
listen 443;
ssl on;
ssl_certificate vhost/ssl/certificate.crt;
ssl_certificate_key vhost/ssl/private.key;
access_log /home/wwwlogs/front_access.log main;
server_name ABC.com www.ABC.com;
set $flag 0;
if ($request_uri ~ "\.php" ){
set $flag "${flag}1";
}
if ($request_uri !~ "index.php" ){
set $flag "${flag}2";
}
if ($flag = "012") {
rewrite ^(.*) http://$host/index.php/ permanent;
}

location / {
try_files $uri $uri/ =404;
}

error_page 404 /404.html;

error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}

if (!-f $request_filename)
{
rewrite ^(.+)$ /index.php?_url=$1 last;
}
if (!-e $request_filename) {
rewrite ^(.+)$ /index.php?_url=$1 last;
break;
}

location ~ \.php$ {
include enable-php.conf;
}

}

server {
root /var/www/wap/;
index index.php index.html index.htm;
listen 443;
ssl on;
ssl_certificate vhost/ssl/certificate.crt;
ssl_certificate_key vhost/ssl/private.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_dhparam /usr/local/nginx/conf/vhost/ssl/dhparam.pem;
add_header Strict-Transport-Security "max-age=80720000; preload";
server_name wap.ABC.com;

access_log /home/wwwlogs/front_access.log main;
set $flag 0;
if ($request_uri ~ "\.php" ){
set $flag "${flag}1";
}
if ($request_uri !~ "index.php" ){
set $flag "${flag}2";
}
if ($flag = "012") {
rewrite ^(.*) http://$host/index.php/ permanent;
}

location / {
try_files $uri $uri/ =404;
}
error_page 404 /404.html;

error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}

if (!-f $request_filename)
{
rewrite ^(.+)$ /index.php?_url=$1 last;
}
if (!-e $request_filename) {
rewrite ^(.+)$ /index.php?_url=$1 last;
break;
}
location ~ \.php$ {
fastcgi_pass unix:/dev/shm/php-fpm.sock;
include enable-php.conf;
}

}