user nginx;
worker_processes auto;
#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
#pid logs/nginx.pid;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
#access_log logs/access.log main;
sendfile on;
fastcgi_buffers 8 300k;
server_names_hash_bucket_size 256;
client_header_buffer_size 256k;
large_client_header_buffers 4 256k;
proxy_ignore_client_abort on;
client_max_body_size 50m;
client_body_buffer_size 256k;
client_header_timeout 60;
client_body_timeout 60;
send_timeout 60;
tcp_nopush on;
keepalive_timeout 60;
tcp_nodelay on;
proxy_headers_hash_max_size 512;
proxy_headers_hash_bucket_size 128;
proxy_connect_timeout 60;
proxy_read_timeout 60;
proxy_send_timeout 60;
proxy_buffer_size 16k;
proxy_buffers 4 64k;
proxy_busy_buffers_size 128k;
proxy_temp_file_write_size 128k;
upstream demo
{
ip_hash;
server 127.0.0.1:8800 weight=1 max_fails=3 fail_timeout=30;
keepalive 16;
}
server {
listen 80;
server_name www.demo.com;
return 302 https://$server_name$request_uri;
}
server {
listen 443;
server_tokens off;
server_name www.demo.com;
charset utf-8;
ssl on;
ssl_certificate ssl_key/1_demo.com_bundle.crt;
ssl_certificate_key ssl_key/2_demo.com.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
ssl_prefer_server_ciphers on;
access_log logs/access.log main;
root html;
index index.jsp index.html index.htm;
location / {
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://demo/;
}
}
include vhosts/*.conf
评论