0%

全站 HTTPS 改造方案

实例仅供参考

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
# http 自动跳转 https
server {
listen xxxx:80;
server_name xxxx.com;
return 301 https://$server_name$request_uri;
}

server {
listen xxxx:443 ssl;
server_name xxxx.com;

access_log /usr/local/nginx/logs/access.log;
error_log /usr/local/nginx/logs/error.log;

client_max_body_size 512m;

ssl on;
ssl_certificate /usr/local/nginx/conf/domain.cert;
ssl_certificate_key /usr/local/nginx/conf/domain.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;

# ============================ xxxx ============================
# PAAS_SERVICE HOST/PORT
location / {
proxy_pass http://SSL_OPEN;
proxy_pass_header Server;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Scheme $scheme;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_read_timeout 600;
}
.........
}