server {
listen 443 ssl http2;
#证书文件名称
ssl_certificate ***.crt;
#私钥文件名称
ssl_certificate_key ***.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
ssl_prefer_server_ciphers on;
server_name www.***.com ***.com;
root /var/www/html
location / {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $http_host;
proxy_pass http://127.0.0.1:8080;
}
location ~ /.well-known {
allow all;
}
client_max_body_size 50m;
}
server {
listen 80;
server_name www.***.com ***.com;
rewrite ^(.*)$ https://${server_name}$1 permanent;
}
Article
一个典型的ssl反代nginx 虚拟主机的配置文件