.....

user nobody;

worker_processes 8;

error_log /opt/logs/nginx/nginx_error.log crit;

pid /usr/local/nginx/nginx.pid;

#Specifies the value for maximum file descriptors that can be opened by this process.
worker_rlimit_nofile 51200;

events
{
use epoll;
worker_connections 51200;
}

http
{
include mime.types;
default_type application/octet-stream;

# charset gb2312;

server_names_hash_bucket_size 128;
sendfile on;
tcp_nopush on;
keepalive_timeout 120;
tcp_nodelay on;
output_buffers 4 32k;
postpone_output 1460;
client_header_buffer_size 128k;
large_client_header_buffers 4 256k;

proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
client_max_body_size 50m;
client_body_buffer_size 256k;
proxy_connect_timeout 30;
proxy_send_timeout 30;
proxy_read_timeout 60;
#load css js
#proxy_buffer_size 4k;
#proxy_buffers 4 32k;
#proxy_busy_buffers_size 64k;
proxy_buffer_size 128k;
proxy_buffers 32 128k;
proxy_busy_buffers_size 128k;
proxy_temp_file_write_size 128k;

proxy_next_upstream error timeout invalid_header http_500 http_503 http_404;
proxy_max_temp_file_size 128m;
proxy_store on;
proxy_store_access user:rw group:rw all:r;

gzip on;
gzip_min_length 1k;
gzip_buffers 4 16k;
gzip_http_version 1.0;
gzip_comp_level 2;
gzip_types text/plain application/x-javascript text/css application/xml;
gzip_vary on;

#limit_zone crawler $binary_remote_addr 10m;

log_format access '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" $http_x_forwarded_for';

###配置负载方式###
upstream test123 {
server 10.10.1.201:7878;
}

upstream crmtest123 {
server 10.10.1.201:8090;
}

###配置站点###

server {
listen 80 default;
server_name www.test123.cn
;

set $tag "0";
if ( $host !~ ^www.test123.cn$ ){
set $tag "$tag,1";
}
if ( $host !~ ^test123.cn$ ){
set $tag "$tag,2";
}
if ( $tag ~ ^0,1,2$ ){
return 403;
}

location / {
proxy_pass http://test123;
index index.html;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto http;
proxy_send_timeout 6000;

# rewrite ^/webPage/?$ / permannet;
# rewrite ^/webPage/(*)$/(.*)$ /$1/$2 ;
# rewrite ^/webPage/([0-9a-z]+)/(.*)$ /$1/$2 ;

}

location ~* /*Register.html {
rewrite ^(.*) https://$host$1 permanent;
}
location ~* /*RegisterNext.html {
rewrite ^(.*) https://$host$1 permanent;
}
location ~* /*RegisterLast.html {
rewrite ^(.*) https://$host$1 permanent;
}
location ~* /*login.html {
rewrite ^(.*) https://$host$1 permanent;
}
location ~* /*acc_zhcz.html {
rewrite ^(.*) https://$host$1 permanent;
}
location ~* /*acc_zhtx.html {
rewrite ^(.*) https://$host$1 permanent;
}
location ~* /*wytz_tb.html {
rewrite ^(.*) https://$host$1 permanent;
}

location ~* /*/ssl/frame_top_new.jsp {
rewrite ^(.*) https://$host$1 permanent;
}
location ~* /*/ssl/frame_bottom_new.jsp {
rewrite ^(.*) https://$host$1 permanent;
}
location ~* /*/ssl/xx.jsp {
rewrite ^(.*) https://$host$1 permanent;
}
location ~* /*/manage/code.jsp {
rewrite ^(.*) https://$host$1 permanent;
}
location ~* /*/webPage/registerOffLine/*.* {
rewrite ^(.*) https://$host$1 permanent;
}

# location ~* \.(js|css|do|gif|jpg|jpeg|png|bmp|ico|rar|zip|wma|flv|swf)$ {
# expires 1h;
# rewrite ^(.*) https://$host$1 permanent;
# }

access_log /opt/logs/nginx/www.test123-access.log access;
}
server {
listen 443;
server_name www.test123.cn ;

ssl on;
ssl_certificate /usr/local/nginx/ssl/www.test123.crt;
ssl_certificate_key /usr/local/nginx/ssl/www.test123.key;
ssl_session_timeout 5m;
ssl_protocols SSLv2 SSLv3 TLSv1;
ssl_session_cache shared:SSL:10m;
location / {
rewrite ^(.*) http://www.test123.cn$1 permanent;
}

location ~* /*Register.html {
proxy_pass http://test123;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto https;
proxy_redirect off;
proxy_connect_timeout 240;
proxy_send_timeout 240;
proxy_read_timeout 240;

}
location ~* /*RegisterNext.html {
proxy_pass http://test123;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto https;
proxy_redirect off;
proxy_connect_timeout 240;
proxy_send_timeout 240;
proxy_read_timeout 240;

}
location ~* /*RegisterLast.html {
proxy_pass http://test123;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto https;
proxy_redirect off;
proxy_connect_timeout 240;
proxy_send_timeout 240;
proxy_read_timeout 240;

}
location ~* /*login.html {
proxy_pass http://test123;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto https;
proxy_redirect off;
proxy_connect_timeout 240;
proxy_send_timeout 240;
proxy_read_timeout 240;

}
location ~* /*acc_zhcz.html {
proxy_pass http://test123;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto https;
proxy_redirect off;
proxy_connect_timeout 240;
proxy_send_timeout 240;
proxy_read_timeout 240;

}
location ~* /*acc_zhtx.html {
proxy_pass http://test123;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto https;
proxy_redirect off;
proxy_connect_timeout 240;
proxy_send_timeout 240;
proxy_read_timeout 240;

}

location ~* /*wytz_tb.html {
proxy_pass http://test123;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto https;
proxy_redirect off;
proxy_connect_timeout 240;
proxy_send_timeout 240;
proxy_read_timeout 240;

}
location ~* /*frame_top_new.jsp {
proxy_pass http://test123;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto https;
proxy_redirect off;
proxy_connect_timeout 240;
proxy_send_timeout 240;
proxy_read_timeout 240;

}

location ~* /*frame_bottom_new.jsp {
proxy_pass http://test123;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto https;
proxy_redirect off;
proxy_connect_timeout 240;
proxy_send_timeout 240;
proxy_read_timeout 240;

}

location ~* /*xx.jsp {
proxy_pass http://test123;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto https;
proxy_redirect off;
proxy_connect_timeout 240;
proxy_send_timeout 240;
proxy_read_timeout 240;

}
location ~* /*/manage/code.jsp {
proxy_pass http://test123;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto https;
proxy_redirect off;
proxy_connect_timeout 240;
proxy_send_timeout 240;
proxy_read_timeout 240;

}

location ~* /*/webPage/registerOffLine/*.* {
proxy_pass http://test123;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto https;
proxy_redirect off;
proxy_connect_timeout 240;
proxy_send_timeout 240;
proxy_read_timeout 240;

}

location ~* \.(js|css|do|gif|jpg|jpeg|png|bmp|ico|rar|zip|wma|flv|swf)$ {
proxy_pass http://test123;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto https;
proxy_redirect off;
proxy_connect_timeout 240;
proxy_send_timeout 240;
proxy_read_timeout 240;

}

access_log /opt/logs/nginx/https.www.test123-access.log access;

}

server {
listen 80;
server_name test123.cn;
location / {
rewrite ^(.*) http://www.test123.cn$1 permanent;
}

}
server {
listen 80;
server_name crm.test123.cn;

location / {
proxy_pass http://crmtest123;
index index.html;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto http;
proxy_send_timeout 6000;
}
access_log /opt/logs/nginx/crm.test123-access.log access;
}

server {
listen 84;
server_name localhost;
location / {
stub_status on;
access_log off;
}

}

}

ssl,proxy;部分http部分https;80,443,8080;nginx+tomcat;的更多相关文章

  1. windows环境pip安装时一直报错Could not fetch URL https://pypi.org/simple/xrld/: There was a problem confirming the ssl certificate: HTTPSConnectionPool(host='pypi.org', port=443): Max retries exceeded with url:

    最近项目不忙了~~有开始专研的python大业,上来想用pip安装一个第三方的库,就一直报错: Could not fetch URL https://pypi.org/simple/xrld/: T ...

  2. charles 之 ssl proxy 设置(https抓包)

    PC端设置 1.启动Charles软件,在菜单中找到 Help -> SSL Proxying ->Install Charles Root Certificate. 2.菜单中找到 pr ...

  3. 阿里云slb和ucloud负载均衡ulb添加ssl证书将http服务https化的配置详解

    阿里云和ucloud服务器配置ssl证书将http服务https化的配置详解 项目背景: 苹果App于2017年1月1日将启用App Transport Security安全功能,即强制App通过HT ...

  4. 企业网站的SSL签证生产测试以及https配置方法

    这一次要做企业网站怎么获得安全的数字证书,没有数字证书的话,在浏览器访问网站的时候会跳出不安全界面,而且钓鱼网站也会让用户进去个假网站,一般企业可以去阿里云去买数字证书,买好之后浏览器便会加载这个数字 ...

  5. 双网卡+mitmproxy+iptables搭建SSL中间人(支持非HTTPS协议)

    "想要解决一个问题,最根本方法的就是了解这一切是如何工作的,而不是玄学." --ASCII0X03 最近学习发现现在很多现成的安卓SSL中间人工具和教程都只针对HTTPS流量,比如 ...

  6. Unknown SSL protocol error in connection to xxx:443

    使用git从远程下载时,出现Unknown SSL protocol error in connection to xxx:443 错误. 很有可能是被墙在了外面,这里针对墙在外面的情况. 设置代理服 ...

  7. 没有部署ingress pod的woker节点telnet slb的80 443端口不通

    一,问题描述 没有部署ingress pod的woker节点telnet slb的80 443端口不通 二,解决办法 方法一:改用svc地址调用 方法二:让每台woker节点都部署ingress po ...

  8. SVN 错误:Error validating server certificate for 'https://xxxxxxx':443... Mac os svn客户端证书验证缓存 解决

    mac上的SVN今天突然间 不好使了 在进行SVN操作是报出警告信息 Error validating server certificate for 'https://xxxxxxx':443 - T ...

  9. 沃通SSL精灵,让站点HTTPS永只是期

    告别HTTP明文"裸奔"时代 百度.阿里巴巴.必应等越来越多的互联网巨头相继启用全站HTTPS加密,保护用户数据和隐私安全.逐步告别HTTP明文"裸奔"时代. ...

随机推荐

  1. Linux常用基本命令:uniq-去重复

    uniq命令 作用:输出或者忽略文件中的重复行 格式: uniq [option] [file|stdin] ghostwu@dev:~/linux/uniq$ cat ghostwu.txt 192 ...

  2. php获取本月、上月、上上月、今日、昨日、上周的起始时间

    // 本月起始时间: $begin_time = date ( "Y-m-d H:i:s", mktime ( 0, 0, 0, date ( "m" ), 1 ...

  3. 第三十天- 进程 Process模块 空间隔离

    1.进程: 进程(Process)是计算机中的程序关于某数据集合上的一次运行活动,是系统进行资源分配和调度的基本单位,是操作系统结构的基础.在早期面向进程设计的计算机结构中,进程是程序的基本执行实体: ...

  4. 08:Vigenère密码

    08:Vigenère密码 查看 提交 统计 提问 总时间限制:  1000ms 内存限制:  65536kB 描述 16世纪法国外交家Blaise de Vigenère设计了一种多表密码加密算法— ...

  5. SSM(Spring MVC +Spring+Mybatis)整合——maven工程

    所谓的SSM 其实就是Spring MVC下整合mybatis. 具体的定义网络上都有,很详细. 这里只说项目的搭建步骤. 第一步 新建maven工程 工程目录如下: 配置pom.xml文件,引入所需 ...

  6. php完美分页工具

    <?php /** file: page.class.php 完美分页类 Page */ class Page { private $total; //数据表中总记录数 private $lis ...

  7. Win10 开启便签快捷键

    前提: Win10系统 方法: 开启便签的快捷键:windows+W 这样就可以打开便签,使用起来非常方便

  8. android展示注册进度效果源码

  9. Android Application中的Context和Activity中的Context的异同

    一.Context是什么: 1.Context是维持Android程序中各组件能够正常工作的一个核心功能类,我们选中Context类 ,按下快捷键F4,右边就会出现一个Context类的继承结构图啦, ...

  10. nodejs设置NODE_ENV环境变量(2)

    引的人家的,原文地址:http://sorex.cnblogs.com/p/6200940.html 环境变量 环境变量是操作系统运行环境的一些参数.在开发环境或者部署环境中都需要使用到.本文讲述了使 ...