server { listen 443 ssl; #監聽443端口 server_name www.app01.com; ssl on; #啟用ssl加密 ssl_certificate /etc/cert/xip.io.crt; #服務器證書crt文件 ssl_certificate_key /etc/cert/xip.io.key; #服務器私鑰key文件 ssl_session_cache shared:SSL:1m; ssl_session_timeout 5m; ssl_ciphers HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on; location / { proxy_pass http://192.168.1.109:8010/; } } server { listen 443 ssl; server_name www.app02.com; ssl on; ssl_certificate /etc/cert/xip.io.crt; ssl_certificate_key /etc/cert/xip.io.key; ssl_session_cache shared:SSL:1m; ssl_session_timeout 5m; ssl_ciphers HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on; location / { proxy_pass http://192.168.1.116:8020/; }
后端app宕機會被踢掉,恢復自動加入:
upstream app_pools { session_sticky; server 192.168.1.109:8010 weight=1; server 192.168.1.116:8020 weight=1; check interval=3000 rise=2 fall=4 timeout=2000; } server { listen 443 ssl; server_name www.app01.com; ssl on; ssl_certificate /etc/cert/xip.io.crt; ssl_certificate_key /etc/cert/xip.io.key; ssl_session_cache shared:SSL:1m; ssl_session_timeout 5m; ssl_ciphers HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on; location / { proxy_pass http://app_pools; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; #proxy_set_header X-Forwarded-For $proxy_add_x_forworded_for; } }
配置間容http https兩種:
server { listen 80; listen 443; server_name www.app01.com; ssl on; ssl_certificate /etc/cert/xip.io.crt; ssl_certificate_key /etc/cert/xip.io.key; ssl_session_cache shared:SSL:1m; ssl_session_timeout 5m; ssl_ciphers HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on; location / { proxy_pass http://10.100.0.195:8010/; } }
如果在主配置文件中監聽的端口不是80,再虛機的時候配置文件是如下:注釋掉ssl on; 在listen 443 后面加上ssl;
[root@ha01 conf]# cat hosts.conf upstream app01_pools { session_sticky; server 10.100.0.195:8010 weight=1; #server 192.168.1.116:8020 weight=1; check interval=3000 rise=2 fall=4 timeout=2000; } upstream app02_pools { session_sticky; server 10.100.0.192:8020 weight=1; check interval=3000 rise=2 fall=4 timeout=2000; } server { listen 80; listen 443 ssl; server_name www.app01.com apps01.com; #ssl on; ssl_certificate /etc/cert/xip.io.crt; ssl_certificate_key /etc/cert/xip.io.key; ssl_session_cache shared:SSL:1m; ssl_session_timeout 5m; ssl_ciphers HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on; location / { proxy_pass http://app01_pools; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; #proxy_set_header X-Forwarded-For $proxy_add_x_forworded_for; } } server { listen 80; listen 443 ssl; server_name www.app02.com app02.com; #ssl on; ssl_certificate /etc/cert/xip.io.crt; ssl_certificate_key /etc/cert/xip.io.key; ssl_session_cache shared:SSL:1m; ssl_session_timeout 5m; ssl_ciphers HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on; location / { proxy_pass http://app02_pools; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; } } [root@ha01 co
nginx 配置https 經測試 支持location 規則
還有一點就是nginx只要一個vhost開了80端口,也就是服務器開了80端口,當配另一台https時即不配上80端口,同會有80端口,因為服務器,已經開來不80.