nginx访问http自动跳转https

发布时间 2023-10-07 18:05:41作者: 骑着母猪去打猎
#user  nobody;
worker_processes  1;

#error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;

#pid        logs/nginx.pid;

# worker_rlimit_nofile sets the open-file-descriptor limit for each nginx worker process.
# Author's guidance: in theory the value would be the open-file limit (ulimit -n) divided by
# the number of nginx processes, but nginx does not spread requests evenly across workers,
# so it is best kept equal to the ulimit -n value.
# Author's example: with worker_connections 1024 and worker_processes 4, the theoretical
# maximum in reverse-proxy mode is
#   max connections = worker_processes * worker_connections / 4
# Author's recommendation: worker_connections above 9000 in production; this nginx is set
# to 10240 and is to be observed for a while.
# NOTE(review): a proxied request holds a client socket and an upstream socket, so this
# limit needs to stay well above worker_connections (65535 vs 10240 here).
worker_rlimit_nofile 65535;
events {
    # Author's note: the default maximum concurrency is 1024; if site traffic goes far beyond
    # that, raise worker_connections. The larger the value, the more concurrent connections.
    # NOTE(review): 1024 is the value in the sample nginx.conf; the compiled-in default is 512.
    worker_connections  10240;
}

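http {
    # Keep the nginx version out of the Server header and the built-in error pages.
    server_tokens off;

    include       mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  logs/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    keepalive_timeout  65;

    #gzip  on;

    # Buffers for oversized request headers (4 buffers of 16k). Declared at http
    # level so the redirect listener and the TLS listener share the same limit.
    large_client_header_buffers 4 16k;

    # Tomcat back ends with equal weight. nginx talks plain HTTP to them
    # (see proxy_pass below); TLS ends at this proxy.
    upstream tomcat_servers {
        server 10.1.1.1:22080 weight=1;
        server 10.1.1.2:22080 weight=1;
        server 10.1.1.3:22080 weight=1;
    }

    # Port 80 exists only to send clients to the TLS listener on 9443.
    # A dedicated server block replaces the server-level "if ($scheme = http)"
    # test, so the HSTS header and the proxy locations never apply to plain HTTP.
    # NOTE(review): $host comes from the request, and this is the only server on
    # the port, so any Host value is accepted and echoed into Location. Put the
    # real site name in server_name and add a catch-all default server that
    # rejects unknown names.
    server {
        listen 80;
        server_name localhost;

        return 301 https://$host:9443$request_uri;
    }

    server {
        listen 9443 ssl;
        server_name localhost;

        ssl_certificate ../cert/certificate.pem;
        ssl_certificate_key ../cert/certificate.key;
        ssl_session_timeout 30m;
        ssl_protocols TLSv1.2 TLSv1.3;
        # The DHE-* suites are only offered when ssl_dhparam is configured; none is
        # set here, so TLS 1.2 clients end up on the ECDHE suites.
        ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305;
        ssl_prefer_server_ciphers off;

        # Enable HTTP Strict Transport Security. "always" also attaches the header
        # to error responses, which add_header skips by default.
        # Caveat 1: an HSTS policy is stored per host name, not per port. A browser
        #   that has it rewrites http://host/ to https://host/ (port 443) before
        #   sending anything, so it never reaches the port-80 redirect to 9443.
        #   Confirm that something answers TLS on 443 for this name, or that users
        #   always arrive through the :9443 URL.
        # Caveat 2: the browser preload list expects includeSubDomains and a
        #   max-age of at least one year (31536000). This value has neither, so
        #   the "preload" token has no effect as written.
        add_header Strict-Transport-Security "max-age=30000000; preload" always;

        charset utf-8;

        #access_log  logs/host.access.log  main;

        location / {
            proxy_pass http://tomcat_servers;
            # $http_host forwards the client's Host header verbatim, port included.
            # The back end should not trust it for building links unless
            # server_name above restricts which names reach this block.
            proxy_set_header Host $http_host;
            proxy_set_header X-Real-IP $remote_addr;
            # Appends $remote_addr to any X-Forwarded-For the client sent; only the
            # last entry was written by this proxy.
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            # Fixed value: this block is only reachable over TLS.
            proxy_set_header X-Forwarded-Proto https;
            # Rewrite an "http://" prefix in back-end Location/Refresh headers to "https://".
            proxy_redirect http:// https://;
        }

        # stub_status counters, reachable from 127.0.0.1 only.
        # The long random path is not an access control; the allow/deny pair is.
        location /status668887655678tyuiohghjkjhhjwefjkasdffqwerqwff {
            allow 127.0.0.1;
            deny  all;
            stub_status on;
            access_log logs/status.log;
            # nginx skips basic auth when no auth_basic_user_file is set, so this
            # line on its own asks for no credentials. To require a password as
            # well as the IP rule, point the directive below at a real htpasswd file.
            auth_basic "NginxStatus";
            #auth_basic_user_file <PATH_TO_HTPASSWD_FILE>;  # placeholder, not from the original
        }

        error_page  404              /404.html;
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }
    }
}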