Nginx http强制跳转https

Nginx虚拟主机配置文件

upstream fn-traefik-ui {
      server 172.16.84.116:80;
      server 172.16.184.211:80;
      server 172.16.184.190:80;
}

server {
    listen 443 ssl;
    server_name www.baidu.com;

    ssl_certificate      /opt/soft/nginx/conf/ssl/all.baidu.com.crt;
    ssl_certificate_key  /opt/soft/nginx/conf/ssl/all.baidu.com.key;

    include https_set.conf;

    location / {
        proxy_redirect off;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header REMOTE-HOST $remote_addr;
        proxy_connect_timeout      120;
        proxy_send_timeout         120;
        proxy_read_timeout         120;
        proxy_http_version 1.1;
        proxy_set_header Connection "";
        add_header X-Frame-Options ALLOWALL;
        proxy_pass http://fn-traefik-ui/;
     }


    error_log  logs/sp-2_error.log notice;
}

server {
    listen 80;
    server_name www.baidu.com;
    location / {
        return 301 https://$host$request_uri;
    }
}

配置文件/opt/soft/nginx/conf/https_set.conf

ssl_session_tickets  on;
ssl_session_cache    shared:SSL:10m;
ssl_session_timeout  60m;
#ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384;
#ssl_ciphers No RSA or DHE;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256::ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:DHE-DSS-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384;
ssl_prefer_server_ciphers  on;
#ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4:!DH:!DHE;
ssl_protocols  TLSv1.2 TLSv1.1;
proxy_ignore_client_abort on;
add_header X-XSS-Protection 1;
#add_header X-Frame-Options SAMEORIGIN;
add_header X-Content-Type-Options nosniff;
add_header Strict-Transport-Security max-age=31536000;
add_header Set-Cookie "HttpOnly";
add_header Set-Cookie "Secure";

error_page 400  402 403 404 408 410 412 413 414 415 500 501 502 503 506 /weihu.html;
location = /weihu.html {
    root   /opt/soft/nginx/html;
}

if ($request_method !~ ^(GET|HEAD|POST|OPTIONS)$) {
    return 400;
}
最后编辑于
©著作权归作者所有,转载或内容合作请联系作者
平台声明:文章内容(如有图片或视频亦包括在内)由作者上传并发布,文章内容仅代表作者本人观点,简书系信息发布平台,仅提供信息存储服务。

推荐阅读更多精彩内容