#user nobody; worker_processes 4; pid /var/run/nginx.pid; events { worker_connections 1024; } http { include mime.types; # 加載naxsi include naxsi_core.rules; default_type text/html; log_format main '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; access_log logs/access.log main; sendfile on; keepalive_timeout 65; gzip on; upstream baseserver { server 127.0.0.1:9000; } upstream ssoserver { server 127.0.0.1:9001; } server { listen 80; listen 8018; #listen 443 ssl http2; server_name localhost; # 黃海添加於2018-10-24 #ssl on; #ssl_certificate /usr/local/openresty/nginx/conf/cacert.pem; #ssl_certificate_key /usr/local/openresty/nginx/conf/rsa_private_key.pem; #ssl_session_timeout 5m; #讓http請求重定向到https請求 #error_page 497 https://$host$uri?$args; location =/ { proxy_set_header Host $host:$server_port; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_pass http://baseserver/baseService/; proxy_redirect http://$host/ http://$http_host/; } location /baseService/html/ { root /usr/local/tomcat8/webapps; expires 30d; } location /dsssoserver/html/ { root /usr/local/tomcat8/webapps; expires 30d; } location ^~ /baseService { proxy_set_header Host $host:$server_port; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_pass http://baseserver; } location ^~ /dsssoserver { proxy_set_header Host $host:$server_port; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_pass http://ssoserver; } # 配置403 location /errPage { #root /usr/local/openresty/nginx/html; rewrite ^/(.*)$ https://$host/403/403.html permanent; } location ^~/403/ { root /usr/local/openresty/nginx/html; } # redirect server error pages to the static page /50x.html # error_page 500 502 503 504 /50x.html; location = /50x.html { root html; } } }