xuelangosK零S- 已编辑
主配置文件nginx.conf下http模块下添加map映射
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}xxx.conf
upstream ks {
server xxxx:30880;
server xxxx:30880;
server xxxx:30880;
}
server {
listen 80 ;
server_name xxxx;
rewrite ^(.*)$ https://${server_name}$1 permanent;
}
server {
listen 443 ssl;
server_name xxx.com;
ssl_certificate /etc/nginx/ssl/xxxx.pem;
ssl_certificate_key /etc/nginx/ssl/xxxx.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
#ssl_ciphers ALL:!ADH:!EXPORT56:-RC4+RSA:+HIGH:+MEDIUM:!EXP;
ssl_ciphers ECDHE-RSA-AES128-SHA:AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:DES-CBC3-SHA:ECDHE-RSA-AES256-SHA:AES256-SHA;
location / {
proxy_pass http://ks;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_set_header X-Request-ID $request_id;
proxy_next_upstream error timeout;
proxy_http_version 1.1;
access_log /opt/logs/nginx/xxxx_access.log main;
error_log /opt/logs/nginx/xxxx_error.log;
}
# error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}