.....

user nobody;

worker_processes 8;

error_log /opt/logs/nginx/nginx_error.log crit;

pid /usr/local/nginx/nginx.pid;

#Specifies the value for maximum file descriptors that can be opened by this process.
worker_rlimit_nofile 51200;

events
{
use epoll;
worker_connections 51200;
}

http
{
include mime.types;
default_type application/octet-stream;

# charset gb2312;

server_names_hash_bucket_size 128;
sendfile on;
tcp_nopush on;
keepalive_timeout 120;
tcp_nodelay on;
output_buffers 4 32k;
postpone_output 1460;
client_header_buffer_size 128k;
large_client_header_buffers 4 256k;

proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
client_max_body_size 50m;
client_body_buffer_size 256k;
proxy_connect_timeout 30;
proxy_send_timeout 30;
proxy_read_timeout 60;
#load css js
#proxy_buffer_size 4k;
#proxy_buffers 4 32k;
#proxy_busy_buffers_size 64k;
proxy_buffer_size 128k;
proxy_buffers 32 128k;
proxy_busy_buffers_size 128k;
proxy_temp_file_write_size 128k;

proxy_next_upstream error timeout invalid_header http_500 http_503 http_404;
proxy_max_temp_file_size 128m;
proxy_store on;
proxy_store_access user:rw group:rw all:r;

gzip on;
gzip_min_length 1k;
gzip_buffers 4 16k;
gzip_http_version 1.0;
gzip_comp_level 2;
gzip_types text/plain application/x-javascript text/css application/xml;
gzip_vary on;

#limit_zone crawler $binary_remote_addr 10m;

log_format access '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" $http_x_forwarded_for';

###配置负载方式###
upstream test123 {
server 10.10.1.201:7878;
}

upstream crmtest123 {
server 10.10.1.201:8090;
}

###配置站点###

server {
listen 80 default;
server_name www.test123.cn
;

set $tag "0";
if ( $host !~ ^www.test123.cn$ ){
set $tag "$tag,1";
}
if ( $host !~ ^test123.cn$ ){
set $tag "$tag,2";
}
if ( $tag ~ ^0,1,2$ ){
return 403;
}

location / {
proxy_pass http://test123;
index index.html;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto http;
proxy_send_timeout 6000;

# rewrite ^/webPage/?$ / permannet;
# rewrite ^/webPage/(*)$/(.*)$ /$1/$2 ;
# rewrite ^/webPage/([0-9a-z]+)/(.*)$ /$1/$2 ;

}

location ~* /*Register.html {
rewrite ^(.*) https://$host$1 permanent;
}
location ~* /*RegisterNext.html {
rewrite ^(.*) https://$host$1 permanent;
}
location ~* /*RegisterLast.html {
rewrite ^(.*) https://$host$1 permanent;
}
location ~* /*login.html {
rewrite ^(.*) https://$host$1 permanent;
}
location ~* /*acc_zhcz.html {
rewrite ^(.*) https://$host$1 permanent;
}
location ~* /*acc_zhtx.html {
rewrite ^(.*) https://$host$1 permanent;
}
location ~* /*wytz_tb.html {
rewrite ^(.*) https://$host$1 permanent;
}

location ~* /*/ssl/frame_top_new.jsp {
rewrite ^(.*) https://$host$1 permanent;
}
location ~* /*/ssl/frame_bottom_new.jsp {
rewrite ^(.*) https://$host$1 permanent;
}
location ~* /*/ssl/xx.jsp {
rewrite ^(.*) https://$host$1 permanent;
}
location ~* /*/manage/code.jsp {
rewrite ^(.*) https://$host$1 permanent;
}
location ~* /*/webPage/registerOffLine/*.* {
rewrite ^(.*) https://$host$1 permanent;
}

# location ~* \.(js|css|do|gif|jpg|jpeg|png|bmp|ico|rar|zip|wma|flv|swf)$ {
# expires 1h;
# rewrite ^(.*) https://$host$1 permanent;
# }

access_log /opt/logs/nginx/www.test123-access.log access;
}
server {
listen 443;
server_name www.test123.cn ;

ssl on;
ssl_certificate /usr/local/nginx/ssl/www.test123.crt;
ssl_certificate_key /usr/local/nginx/ssl/www.test123.key;
ssl_session_timeout 5m;
ssl_protocols SSLv2 SSLv3 TLSv1;
ssl_session_cache shared:SSL:10m;
location / {
rewrite ^(.*) http://www.test123.cn$1 permanent;
}

location ~* /*Register.html {
proxy_pass http://test123;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto https;
proxy_redirect off;
proxy_connect_timeout 240;
proxy_send_timeout 240;
proxy_read_timeout 240;

}
location ~* /*RegisterNext.html {
proxy_pass http://test123;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto https;
proxy_redirect off;
proxy_connect_timeout 240;
proxy_send_timeout 240;
proxy_read_timeout 240;

}
location ~* /*RegisterLast.html {
proxy_pass http://test123;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto https;
proxy_redirect off;
proxy_connect_timeout 240;
proxy_send_timeout 240;
proxy_read_timeout 240;

}
location ~* /*login.html {
proxy_pass http://test123;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto https;
proxy_redirect off;
proxy_connect_timeout 240;
proxy_send_timeout 240;
proxy_read_timeout 240;

}
location ~* /*acc_zhcz.html {
proxy_pass http://test123;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto https;
proxy_redirect off;
proxy_connect_timeout 240;
proxy_send_timeout 240;
proxy_read_timeout 240;

}
location ~* /*acc_zhtx.html {
proxy_pass http://test123;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto https;
proxy_redirect off;
proxy_connect_timeout 240;
proxy_send_timeout 240;
proxy_read_timeout 240;

}

location ~* /*wytz_tb.html {
proxy_pass http://test123;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto https;
proxy_redirect off;
proxy_connect_timeout 240;
proxy_send_timeout 240;
proxy_read_timeout 240;

}
location ~* /*frame_top_new.jsp {
proxy_pass http://test123;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto https;
proxy_redirect off;
proxy_connect_timeout 240;
proxy_send_timeout 240;
proxy_read_timeout 240;

}

location ~* /*frame_bottom_new.jsp {
proxy_pass http://test123;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto https;
proxy_redirect off;
proxy_connect_timeout 240;
proxy_send_timeout 240;
proxy_read_timeout 240;

}

location ~* /*xx.jsp {
proxy_pass http://test123;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto https;
proxy_redirect off;
proxy_connect_timeout 240;
proxy_send_timeout 240;
proxy_read_timeout 240;

}
location ~* /*/manage/code.jsp {
proxy_pass http://test123;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto https;
proxy_redirect off;
proxy_connect_timeout 240;
proxy_send_timeout 240;
proxy_read_timeout 240;

}

location ~* /*/webPage/registerOffLine/*.* {
proxy_pass http://test123;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto https;
proxy_redirect off;
proxy_connect_timeout 240;
proxy_send_timeout 240;
proxy_read_timeout 240;

}

location ~* \.(js|css|do|gif|jpg|jpeg|png|bmp|ico|rar|zip|wma|flv|swf)$ {
proxy_pass http://test123;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto https;
proxy_redirect off;
proxy_connect_timeout 240;
proxy_send_timeout 240;
proxy_read_timeout 240;

}

access_log /opt/logs/nginx/https.www.test123-access.log access;

}

server {
listen 80;
server_name test123.cn;
location / {
rewrite ^(.*) http://www.test123.cn$1 permanent;
}

}
server {
listen 80;
server_name crm.test123.cn;

location / {
proxy_pass http://crmtest123;
index index.html;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto http;
proxy_send_timeout 6000;
}
access_log /opt/logs/nginx/crm.test123-access.log access;
}

server {
listen 84;
server_name localhost;
location / {
stub_status on;
access_log off;
}

}

}

ssl,proxy;部分http部分https;80,443,8080;nginx+tomcat;的更多相关文章

  1. windows环境pip安装时一直报错Could not fetch URL https://pypi.org/simple/xrld/: There was a problem confirming the ssl certificate: HTTPSConnectionPool(host='pypi.org', port=443): Max retries exceeded with url:

    最近项目不忙了~~有开始专研的python大业,上来想用pip安装一个第三方的库,就一直报错: Could not fetch URL https://pypi.org/simple/xrld/: T ...

  2. charles 之 ssl proxy 设置(https抓包)

    PC端设置 1.启动Charles软件,在菜单中找到 Help -> SSL Proxying ->Install Charles Root Certificate. 2.菜单中找到 pr ...

  3. 阿里云slb和ucloud负载均衡ulb添加ssl证书将http服务https化的配置详解

    阿里云和ucloud服务器配置ssl证书将http服务https化的配置详解 项目背景: 苹果App于2017年1月1日将启用App Transport Security安全功能,即强制App通过HT ...

  4. 企业网站的SSL签证生产测试以及https配置方法

    这一次要做企业网站怎么获得安全的数字证书,没有数字证书的话,在浏览器访问网站的时候会跳出不安全界面,而且钓鱼网站也会让用户进去个假网站,一般企业可以去阿里云去买数字证书,买好之后浏览器便会加载这个数字 ...

  5. 双网卡+mitmproxy+iptables搭建SSL中间人(支持非HTTPS协议)

    "想要解决一个问题,最根本方法的就是了解这一切是如何工作的,而不是玄学." --ASCII0X03 最近学习发现现在很多现成的安卓SSL中间人工具和教程都只针对HTTPS流量,比如 ...

  6. Unknown SSL protocol error in connection to xxx:443

    使用git从远程下载时,出现Unknown SSL protocol error in connection to xxx:443 错误. 很有可能是被墙在了外面,这里针对墙在外面的情况. 设置代理服 ...

  7. 没有部署ingress pod的woker节点telnet slb的80 443端口不通

    一,问题描述 没有部署ingress pod的woker节点telnet slb的80 443端口不通 二,解决办法 方法一:改用svc地址调用 方法二:让每台woker节点都部署ingress po ...

  8. SVN 错误:Error validating server certificate for 'https://xxxxxxx':443... Mac os svn客户端证书验证缓存 解决

    mac上的SVN今天突然间 不好使了 在进行SVN操作是报出警告信息 Error validating server certificate for 'https://xxxxxxx':443 - T ...

  9. 沃通SSL精灵,让站点HTTPS永只是期

    告别HTTP明文"裸奔"时代 百度.阿里巴巴.必应等越来越多的互联网巨头相继启用全站HTTPS加密,保护用户数据和隐私安全.逐步告别HTTP明文"裸奔"时代. ...

随机推荐

  1. 如何在Eclipse中修改Git项目

    第一步:先在Eclipse创建一个要上传的项目. 第二步:创建一个Git仓库并与远程仓库相连 第三步:将Eclipse创建的项目复制到创建好的Git仓库 第四步:将Eclipse新建项目删除重新imp ...

  2. Java GC机制详解

    垃圾收集 Garbage Collection 通常被称为“GC”,本文详细讲述Java垃圾回收机制. 导读: 1.什么是GC 2.GC常用算法 3.垃圾收集器 4.finalize()方法详解 5. ...

  3. POJ2387(KB4-A)

    Til the Cows Come Home Time Limit: 1000MS   Memory Limit: 65536K Total Submissions: 54716   Accepted ...

  4. 从零开始学习html(十)CSS格式化排版——下

    六.文字排版--删除线 <!DOCTYPE HTML> <html> <head> <meta http-equiv="Content-Type&q ...

  5. web api 权限控制

    https://www.cnblogs.com/landeanfen/p/5287064.html 我只是个搬运工, 我只想存个档

  6. VS2010部署相关

    找到一篇写得最负责的.贴住收藏了: http://blog.csdn.net/xhf55555/article/details/7702212. 之前在其它地方找的都缺胳膊少腿,真不知他们自己怎么实现 ...

  7. Expo大作战(三)--针对已经开发过react native项目开发人员有针对性的介绍了expo,expo的局限性,开发时项目选型注意点等

    简要:本系列文章讲会对expo进行全面的介绍,本人从2017年6月份接触expo以来,对expo的研究断断续续,一路走来将近10个月,废话不多说,接下来你看到内容,讲全部来与官网 我猜去全部机翻+个人 ...

  8. svn目标计算机主动拒绝

    这两天上传文件到服务器端,总是提示“ 目标计算机主动拒绝”. 后来排查,是受到360杀毒软件的文件系统实时防护功能影响. 虽然服务器端已经将仓库目录添加进360杀毒的白名单,但随着用户不断更新文件,文 ...

  9. Oracle EBS OM 取消订单行

    DECLARE l_header_rec OE_ORDER_PUB.Header_Rec_Type; l_line_tbl OE_ORDER_PUB.Line_Tbl_Type; l_action_r ...

  10. 数据库还原错误:指定的转换无效。(SqlManagerUI)

    SSMS在一定程度上方便我们进行一些常见的操作.但有时候它处理得又不是那么不人性化.尤其是错误信息. 今天我在进行数据库还原的时候就碰到一个错误:指定的转换无效.(SqlManagerUI) Spec ...