[svc]nginx集群https访问配置

实现用户访问maotai.com,直接重定向到https://www.maotai.com

1. maotai.com www.maotai.com2. http://www.maotai.com https://www.maotai.com

nginx-lb

• nginx-lb证书生成

用户--nginx(证书)--nginx--tomcat

mkdir /data/;cd /data/openssl req -x509 -days 3650 -nodes -newkey rsa:2048 -keyout domain.key -out domain.crt -subj "/CN=www.maotai.com"

• 启动nginx-lb

docker run ?-d ????--net=host ????--restart=always ????-v /etc/nginx/nginx.conf:/etc/nginx/nginx.conf:ro ????-v /etc/localtime:/etc/localtime:ro ????-v /data:/data ????--name nginx nginx

worker_processes auto;worker_rlimit_nofile 65535;# pid logs/nginx.pid;events { ???use epoll; ???worker_connections ?51200;}http { ???include mime.types; ???default_type application/octet-stream; ???log_format main '$remote_addr $remote_user [$time_local] "$request" $http_host ' ???'$status $upstream_status $body_bytes_sent "$http_referer" ' ???'"$http_user_agent" $ssl_protocol $ssl_cipher $upstream_addr ' ???'$request_time $upstream_response_time'; ???server_name_in_redirect off; ???client_max_body_size 80m; ???client_header_buffer_size 16k; ???large_client_header_buffers 4 16k; ???sendfile on; ???tcp_nopush on; ???keepalive_timeout 65; ???server_tokens on; ???gzip on; ???gzip_min_length 1k; ???gzip_buffers 4 16k; ???gzip_proxied any; ???gzip_http_version 1.1; ???gzip_comp_level 3; ???gzip_types text/plain application/x-javascript text/css application/xml; ???gzip_vary on; ???# 80-80# ???server {# ???????listen ??????80;# ???????server_name ?www.maotai.com;# ???????proxy_connect_timeout 1s;# ???????# proxy_read_timeout 600;# ???????# proxy_send_timeout 600;# ???????proxy_buffer_size 128k;# ???????proxy_buffers 4 256k;# ???????proxy_busy_buffers_size 256k;# ???????location / {# ???????????proxy_next_upstream error timeout invalid_header http_500 http_503 http_404 http_502 http_504;# ???????????proxy_pass http://192.168.14.11:80;# ???????????proxy_set_header Host $host;# ???????????proxy_set_header X-Real-IP $remote_addr;# ???????????proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;# ???????}## ???} ???#443-8080 ???server { ???????listen ??????443 ssl; ???????server_name ?www.maotai.com; ???????ssl on; ???????ssl_certificate ????/data/domain.crt; ???????ssl_certificate_key /data/domain.key; ???????server_name web-https; ???????proxy_connect_timeout 1s; ???????# proxy_read_timeout 600; ???????# proxy_send_timeout 600; ???????proxy_buffer_size 128k; ???????proxy_buffers 4 256k; ???????proxy_busy_buffers_size 256k; ???????location / { ???????????proxy_next_upstream error timeout invalid_header http_500 http_503 http_404 http_502 http_504; ???????????proxy_pass http://192.168.14.11:8080; ???????????proxy_set_header Host $host; ???????????proxy_set_header X-Real-IP $remote_addr; ???????????proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; ???????} ???}}stream { ???log_format log_stream [$time_local] $protocol $status $bytes_sent $bytes_received $session_time; ???access_log /var/log/nginx/access.log log_stream; ???error_log ?/var/log/nginx/error.log; ???server { ???????listen ?????????????????80; ???????proxy_timeout ??????????600s; ???????proxy_pass ?????????????192.168.14.11:80; ???}}

nginx配置

worker_processes ?1;events { ???worker_connections ?1024;}http { ???include ??????mime.types; ???default_type ?application/octet-stream; ???sendfile ???????on; ???keepalive_timeout ?65; ???server { ???????listen ??????80; ???????server_name ?www.maotai.com; ???????proxy_connect_timeout 1s; ???????# proxy_read_timeout 600; ???????# proxy_send_timeout 600; ???????proxy_buffer_size 128k; ???????proxy_buffers 4 256k; ???????proxy_busy_buffers_size 256k; ???????location / { ???????????proxy_next_upstream error timeout invalid_header http_500 http_503 http_404 http_502 http_504; ???????????proxy_pass http://127.0.0.1:8080; ???????????proxy_set_header Host $host; ???????????proxy_set_header X-Real-IP $remote_addr; ???????????proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; ???????} ???????if ($request_uri !~ ?(/wechat|/supervisor|/front/account/inviteSpread|/front/thirdParty/thirdPartyAction/netLoanHome)) { ???????????rewrite ^/(.*) https://www.maotai.com/$1 permanent; ???????} ???} ???server { ???????listen ?80; ???????server_name maotai.com; ???????rewrite ^/(.*) http://www.maotai.com/$1 permanent; ???}}