| 2018.5.21 | nginx |
http {
upstream x5.app.com {
ip_hash;
server 10.177.196.120:8080;
server 10.177.196.121:8080;
}
server {
listen 443 ssl;
server_name app_server;
ssl_certificate server.pem;
ssl_certificate_key server.key;
ssl on;
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
proxy_pass http://x5.app.com;
}
}
server {
listen 80;
server_name app_server;
rewrite ^(.*)$ https://$host$1 permanent;
}
}
这样即可访问 http://192.168.1.188 默认80端口可省略 https://192.168.1.188 默认443端口可省略
这样访问http://x5.app.com或https://x5.app.com都可以跳转到https://x5.app.com
1.
<Connector port="8080" URIEncoding="utf-8" maxHttpHeaderSize="8192" compression="on"
maxThreads="150" minSpareThreads="3" maxSpareThreads="15"
enableLookups="false" redirectPort="443" acceptCount="300"
compressionMinSize="10" connectionTimeout="30000" disableUploadTimeout="true"
compressableMimeType="text/html,text/xml,text/css,text/javascript,application/x-javascript,application/javascript,application/xml,application/json">
</Connector>
2.
<Connector port="443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
keystoreFile="D:\xfj\BeX5_V3.7\java\jre1.8\bin\keystore.jks" keystorePass="111111" />
其中第1段中redirectPort=”443”需要和第2段的port对应,redirectPort是在资源请求https的时候,会跳转到该端口中,即第2段中进行加密访问资源, 这样可以同时用8080和443访问,http://localhost:8080和https://localhost:443(443可省略)
location / {} : 通用匹配,任何请求都会匹配到
location = / {} : 精确匹配,即根路径
location ^~ /static/ {} : 匹配以/static/开头的路径
rewrite指令
语法:rewrite regex replacement [flag]; flag标志可以停止继续处理
^ : 匹配输入字符串的起始位置
regex部分是 ^/(.*) ,这是一个正则表达式,匹配完整的域名和后面的路径地址
多个location配置的情况下匹配顺序为(仅供参考):
首先匹配 =,其次匹配^~, 其次是按文件中顺序的正则匹配,最后是交给 / 通用匹配。当有匹配成功时候,停止匹配
更新列表:
参考文章: