error_log /var/log/nginx/error.log debug; #制定日志路径,级别。这个设置可以放入全局块,http块,server块,级别以此为:debug|info|notice|warn|error|crit|alert|emerg # events { # accept_mutex on; #设置网路连接序列化,防止惊群现象发生,默认为on # multi_accept on; #设置一个进程是否同时接受多个网络连接,默认为off # worker_connections 1024; #最大连接数,默认为512 # } # http { # default_type application/octet-stream; #默认文件类型,默认为text/plain # log_format myFormat '$remote_addr–$remote_user [$time_local] $request $status $body_bytes_sent $http_referer $http_user_agent $http_x_forwarded_for'; #自定义格式 # access_log log/access.log myFormat; #combined为日志格式的默认值 # sendfile on; #允许sendfile方式传输文件,默认为off,可以在http块,server块,location块。 # sendfile_max_chunk 1000m; #每个进程每次调用传输数量不能大于设定的值,默认为0,即不设上限。 # keepalive_timeout 600; #连接超时时间,默认为75s,可以在http,server,location块。 upstream nas { server 192.168.10.15:5001; } upstream wiki { server 127.0.0.1:8090; } upstream route { server 192.168.10.8:80; } upstream photo { server 192.168.10.15:5000; # server 203.107.47.98:800 ; } upstream www.baidu.com{ server 127.0.0.1:505; } error_page 404 https://www.baidu.com; #错误页 #1.for nas server { listen 5001 ssl; server_name ida8.cn; # 设置ssl证书文件路径 ssl_certificate certs/_.ida8.cn.pem; ssl_certificate_key certs/_.ida8.cn.key; ssl_session_timeout 5m; #ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3; ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5; ssl_prefer_server_ciphers on; ssl_verify_client off;
add_header Strict-Transport-Security "max-age=31536000"; # 访问日志 access_log /var/log/nginx/ida8.cn.https.log; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "Upgrade"; # 支持websocket协议,用于浏览器访问虚拟机 location /synovirtualization { proxy_ssl_server_name on; proxy_http_version 1.1; proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_pass https://nas; } location / { #请求的url过滤,正则匹配,~为区分大小写,~*为不区分大小写。 proxy_http_version 1.1; proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_pass https://nas; #请求转向mysvr 定义的服务器列表 } } #2.for wiki server { listen 5001 ssl; server_name wiki.ida8.cn; # 设置ssl证书文件路径 ssl_certificate certs/_.ida8.cn.pem; ssl_certificate_key certs/_.ida8.cn.key; ssl_session_timeout 5m; ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3; ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5; ssl_prefer_server_ciphers on; add_header Strict-Transport-Security "max-age=31536000"; # 访问日志 access_log /var/log/nginx/wiki.ida8.cn.https.log; location ~*/pages/createpage-entervariables.action { #抓小鬼 proxy_pass https://www.baidu.com; # } location ~*/pages/doenterpagevariables.action { #抓小鬼 proxy_pass https://www.baidu.com; # } location / { #请求的url过滤,正则匹配,~为区分大小写,~*为不区分大小写。 proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_pass http://wiki; #请求转向mysvr 定义的服务器列表 } } #3.for route server { listen 5001 ssl; server_name route.ida8.cn; # 设置ssl证书文件路径 ssl_certificate certs/_.ida8.cn.pem; ssl_certificate_key certs/_.ida8.cn.key; ssl_session_timeout 5m; ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3; ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5; ssl_prefer_server_ciphers on; add_header Strict-Transport-Security "max-age=31536000"; # 访问日志 access_log /var/log/nginx/route.ida8.cn.https.log; location / { #请求的url过滤,正则匹配,~为区分大小写,~*为不区分大小写。 proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_pass http://route; #请求转向mysvr 定义的服务器列表 } } #4.for photo server { listen 5001 ssl; server_name photo.ida8.cn; # 设置ssl证书文件路径 ssl_certificate certs/_.ida8.cn.pem; ssl_certificate_key certs/_.ida8.cn.key; ssl_session_timeout 5m; ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3; ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5; ssl_prefer_server_ciphers on; add_header Strict-Transport-Security "max-age=31536000"; # 访问日志 access_log /var/log/nginx/photo.ida8.cn.https.log; location / { #请求的url过滤,正则匹配,~为区分大小写,~*为不区分大小写。 proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_pass http://photo; #请求转向mysvr 定义的服务器列表 } } #server { #listen 5001; #server_name photo.ida8.cn; #rewrite ^(.*)$ https://$host$1 redirect; # 临时重定向 302 ##rewrite ^(.*)$ https://$host$1 permanent; # 永久重定向 301 #} # }
|