第一步 上传ssl证书并解压
第二步常用配置
server {
listen 80;
server_name web.pdhq.pudulink.com;
return 301 https://$http_host$request_uri;
}
server {
listen 443 ssl;
server_name web.pdhq.pudulink.com;
ssl_certificate /root/nginx/3972117__rbcas.com.cn.pem;
ssl_certificate_key /root/nginx/3972117__rbcas.com.cn.key;
ssl_session_timeout 5m;
ssl_protocols TLSV1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_prefer_server_ciphers on;
access_log /data/logs/dmtest.rbcas.com.cn_access.log;
error_log /data/logs/dmtest.rbcas.com.cn_error.log;
location /api {
proxy_headers_hash_max_size 51200;
proxy_headers_hash_bucket_size 6400;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_redirect off;
proxy_pass http://127.0.0.1:20071;
# 静态文件
location /static/ {
access_log off;
expires 1d;
root /root/data/pdhq/pdhq-web/;
}
}