admin管理员组文章数量:1642435
if ( $http_host ~* "zh" ) {
set $domain "zh";
}
if ( $http_host ~* "jp" ) {
set $domain "jp";
}
root /url/$domain;
$http_accept_language浏览器设置的语言
rewrite ^/$ /m redirect;
last : 不执行此location
break : 不执行下面的location
redirect : 返回302临时重定向(默认)
permanent : 返回301永久重定向,无证书后会报错
rewrite ^(.*)$ https://$http_host$request_uri
curl -I查看响应头
$remote_addr ip地址
http转https
server {
listen 443 ssl;
server_name s.xu;
ssl_certificate ssl_key/server.crt;
ssl_certificate_key ssl_key/server.key;
root /code;
location / {
index index.html;
}
}
server {
listen 80;
server_name s.xu;
return 302 https://$http_host$request_uri;
}
通过uri跳转其他https域名
web01
server {
listen 443 ssl;
ssl_certificate ssl_key/server.crt;
ssl_certificate_key ssl_key/server.key;
server_name s.xu;
root /code;
location / {
index index.html;
}
}
web02
server {
listen 80;
server_name www.xu;
root /code;
location / {
index index.html;
}
location /login {
return 302 https://s.xu;
}
}
通过uri从https跳转到http
server {
listen 443 ssl;
ssl_certificate ssl_key/server.crt;
ssl_certificate_key ssl_key/server.key;
server_name s.xu;
root /code;
location / {
index index.html;
}
}
server {
listen 80;
server_name s.xu;
if ( $request_uri != '/abc') {
return 302 https://$http_host$request_uri;
}
}
ssl_session_cache shared:SSL:10m; #在建立完ssl握手后如果断开连接,在session_timeout时间内再次连接,是不需要在次建立握手,可以复用之前的连接
ssl_session_timeout 1440m; #ssl连接断开后的超时时间(24小时)
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; #使用的TLS版本协议
ssl_prefer_server_ciphers on; #Nginx决定使用哪些协议与浏览器进行通讯
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; #配置加密套间
接入负载均衡
upstream ssl {
server 172.16.1.7:80;
server 172.16.1.8:80;
}
server {
listen 443 ssl;
server_name ssl.xu;
ssl_certificate ssl_key/server.crt;
ssl_certificate_key ssl_key/server.key;
location / {
proxy_pass http://ssl;
include proxy_params;
}
}
server {
listen 80;
server_name ssl.xu;
return 302 https://$http_host$request_uri;或者$server_name
}
server {
listen 80;
server_name ssl.xu;
root /code;
location / {
index index.html;
}
}
多if判断请求头响应结果
if ( $http_appName ~* "^$" ) {
return 504;
}
set $flag 0;
if ( $http_appName !~* "^yqms*" ) {
set $flag "${flag}1";
}
if ( $request_uri ~* "^/yqms_\*/" ) {
set $flag "${flag}2";
}
if ( $request_uri ~* "^/y\*/" ) {
set $flag "${flag}2";
}
if ( $request_uri ~* "^/yqms_\*_\*/" ) {
set $flag "${flag}2";
}
if ( $flag = "012" ) {
return 504;
}
版权声明:本文标题:rewrite https 内容由热心网友自发贡献,该文观点仅代表作者本人, 转载请联系作者并注明出处:https://www.elefans.com/dianzi/1729336330a1197029.html, 本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌抄袭侵权/违法违规的内容,一经查实,本站将立刻删除。
发表评论