接上一篇,部署一個普通的Https專案。
upstream api_pro { server 127.0.0.1:8001 weight=10 max_fails=2 fail_timeout=30s; } server { listen 80; server_name api.你的域名.com; rewrite ^(.*)$ https://$host$1 permanent; } server { listen 443 ssl; server_name api.你的域名.com; #SSL證書 ssl_certificate /usr/local/nginx/conf/ca/api.你的域名.com/api.你的域名.com_bundle.pem; ssl_certificate_key /usr/local/nginx/conf/ca/api.你的域名.com/api.你的域名.com.key; ssl_session_timeout 5m; ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; #Nginx日誌 access_log /usr/local/nginx/logs/api.你的域名.local/api.你的域名.local_access.log main; error_log /usr/local/nginx/logs/api.你的域名.local/api.你的域名.local_error.log warn; location / { proxy_next_upstream http_500 http_502 http_503 http_504 error timeout invalid_header; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_pass http://api_pro; #WebSocket support (nginx 1.4) proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; } location /logs/ { autoindex off; deny all; } }