一段完整的nginx反向代理apache并设置ssl证书代码(强制跳转https)
- server {
- listen 80;
- root /www/web/lib_tag/public_html;
- server_name lib.tag www.lib.gg lib.gg;
- rewrite ^(.*)$ https://$host$1 permanent;
- index index.html index.php index.htm;
- error_page 400 /errpage/400.html;
- error_page 403 /errpage/403.html;
- error_page 404 /errpage/404.html;
- error_page 503 /errpage/503.html;
- location ~ \.php$ {
- proxy_pass http://127.0.0.1:88;
- include naproxy.conf;
- }
- location ~ /\.ht {
- deny all;
- }
- location / {
- try_files $uri @apache;
- }
- location @apache {
- internal;
- proxy_pass http://127.0.0.1:88;
- include naproxy.conf;
- }
- access_log logs/lib.tag_access.log wwwlogs;
- }
- server {
- listen 443;
- root /www/web/lib_tag/public_html;
- ssl on;
- ssl_certificate cert/lib.tag.crt;
- ssl_certificate_key cert/lib.tag.key;
- ssl_prefer_server_ciphers on;
- ssl_session_timeout 10m;
- ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
- ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
- server_name lib.tag www.lib.gg lib.gg;
- index index.html index.php index.htm;
- error_page 400 /errpage/400.html;
- error_page 403 /errpage/403.html;
- error_page 404 /errpage/404.html;
- error_page 503 /errpage/503.html;
- location ~ \.php$ {
- proxy_pass http://127.0.0.1:88;
- include naproxy.conf;
- }
- location ~ /\.ht {
- deny all;
- }
- location / {
- try_files $uri @apache;
- }
- location @apache {
- internal;
- proxy_pass http://127.0.0.1:88;
- include naproxy.conf;
- }
- access_log logs/lib.tag_accesss.log wwwlogs;
- }