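# Main (global) context: process identity, worker count and connection limits.

# The original ran workers as root ("user root;"). Worker processes parse
# untrusted network input, so a flaw in request handling would then run with
# full system privileges. The master process still starts as root to bind
# ports 80/443 and read the TLS private key; only the workers use this account.
# NOTE(review): the account name is deployment-specific ("nginx" is what the
# nginx.org packages create) - confirm it exists and can read the static root.
user nginx;
worker_processes 2;

#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
#pid logs/nginx.pid;

events {
    # Maximum simultaneous connections per worker process.
    worker_connections 1024;
}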
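http {
    include mime.types;
    default_type application/octet-stream;

    # Stock access-log format, kept disabled. The three lines are a single
    # directive, so they must be commented out (or enabled) together.
    # $http_x_forwarded_for is client-supplied and should be read as a claim,
    # not as the peer address ($remote_addr is the actual peer).
    #log_format main '$remote_addr - $remote_user [$time_local] "$request" '
    #                '$status $body_bytes_sent "$http_referer" '
    #                '"$http_user_agent" "$http_x_forwarded_for"';
    #access_log logs/access.log main;

    sendfile on;
    #tcp_nopush on;
    #keepalive_timeout 0;
    keepalive_timeout 65;
    #gzip on;

    # Works around nginx 502 errors caused by oversized upstream response headers.
    proxy_buffer_size 128k;
    proxy_buffers 32 32k;
    proxy_busy_buffers_size 128k;

    # Plain-HTTP listener: redirects every request to HTTPS.
    server {
        listen 80;
        server_name youge.cn www.youge.cn;
        # $host comes from the request (request line or Host header). As the only
        # port-80 server this block is also the default server, so it answers
        # requests for names not listed above and the redirect target follows the
        # name the client sent. Add a separate default_server that rejects
        # unknown names if only the two listed hosts should be redirected.
        return 301 https://$host$request_uri;
    }

    server {
        listen 443 ssl http2; # enable HTTPS and HTTP/2
        # Same names as the port-80 server. This is the only 443 server, so it
        # remains the default for that port either way.
        server_name youge.cn www.youge.cn;

        # TLS certificate configuration.
        # Intermediate certificates are served from the ssl_certificate file,
        # appended after the server certificate.
        # NOTE(review): confirm the .crt file contains the full chain.
        ssl_certificate /etc/nginx/youge.cn.crt; # replace with the actual path
        # Private key: keep it readable by root only.
        ssl_certificate_key /etc/nginx/youge.cn.key; # replace with the actual path

        # CA chain used to verify the stapled OCSP response.
        # The original also passed this file to ssl_client_certificate under the
        # heading "add intermediate certificate". That directive names the CAs
        # for client-certificate authentication, which this server does not
        # enable (no ssl_verify_client), so it is dropped here.
        ssl_trusted_certificate /etc/nginx/youge.cn.pem;

        # TLS settings.
        ssl_protocols TLSv1.2 TLSv1.3; # supported protocol versions
        ssl_ciphers HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers on;
        ssl_session_cache shared:SSL:1m;
        ssl_session_timeout 10m;
        # OCSP stapling. No resolver directive is set in this file; nginx needs
        # one to resolve the OCSP responder's hostname at runtime.
        ssl_stapling on;
        ssl_stapling_verify on;

        # Static files. (The original heading reads "static file cache", but no
        # cache directives are set in this location.)
        location / {
            # This location has no proxy_pass, so the proxy_set_header lines
            # below take effect only if one is added later.
            proxy_set_header Host $host;
            # The original set X-real-ip to the first address in
            # X-Forwarded-For. That entry is supplied by the client and cannot
            # be trusted as an identity. $remote_addr is the address that
            # actually connected, and matches what /gateway2/ sends. If a
            # trusted load balancer sits in front, configure set_real_ip_from
            # and real_ip_header instead of parsing the header by hand.
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            #root /usr/share/nginx/html;
            root /mnt/gdapros;
            index index.html index.htm;
        }

        location /gateway2/ {
            # Placeholder upstream: substitute the gateway's address and port
            # ("端口" means "port") before use.
            proxy_pass http://gatewayip:端口/;
            proxy_set_header Host $host:$server_port;
            proxy_set_header X-Real-IP $remote_addr;
            # Overwrites any client-supplied X-Forwarded-For with the connecting
            # address, so the gateway never sees a forged chain.
            proxy_set_header X-Forwarded-For $remote_addr;
            #proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
        }

        # Enable interception of upstream error responses. It only changes
        # responses for status codes that have an error_page defined, and none
        # is defined in this file.
        proxy_intercept_errors on;
    }
}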