admin管理员组

文章数量:1642335

if ( $http_host ~* "zh" ) {
	set $domain "zh";
}


if ( $http_host ~* "jp" ) {
	set $domain "jp";
}
root /url/$domain;

$http_accept_language浏览器设置的语言
rewrite ^/$ /m redirect;
last : 不执行此location
break : 不执行下面的location
redirect : 返回302临时重定向(默认)
permanent : 返回301永久重定向,无证书后会报错
rewrite ^(.*)$ https://$http_host$request_uri
curl -I查看响应头
$remote_addr ip地址

http转https

server {
	listen 443 ssl;
	server_name s.xu;
	ssl_certificate ssl_key/server.crt;
	ssl_certificate_key ssl_key/server.key;
	root /code;

	location / {
		index index.html;
	}
}
server {
	listen 80;
	server_name s.xu;
	return 302 https://$http_host$request_uri;
}

通过uri跳转其他https域名

web01
server {
	listen 443 ssl;
	ssl_certificate ssl_key/server.crt;
	ssl_certificate_key ssl_key/server.key;
	server_name s.xu;
	root /code;

	location / {
		index index.html;
	}
}

web02
server {
	listen 80;
	server_name www.xu;
	root /code;

	location / {
		index index.html;
	}

	location /login {
		return 302 https://s.xu;
	}
}

通过uri从https跳转到http

server {
        listen 443 ssl;
        ssl_certificate ssl_key/server.crt;
        ssl_certificate_key ssl_key/server.key;
        server_name s.xu;
        root /code;

        location / {
                index index.html;
        }
}
server {
        listen 80;
        server_name s.xu;
        if ( $request_uri != '/abc') {
                return 302 https://$http_host$request_uri;      
        }       
}

ssl_session_cache shared:SSL:10m; #在建立完ssl握手后如果断开连接,在session_timeout时间内再次连接,是不需要在次建立握手,可以复用之前的连接
ssl_session_timeout 1440m;           #ssl连接断开后的超时时间(24小时)
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; #使用的TLS版本协议
ssl_prefer_server_ciphers on;        #Nginx决定使用哪些协议与浏览器进行通讯
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; #配置加密套间

接入负载均衡

upstream ssl {
	server 172.16.1.7:80;
	server 172.16.1.8:80;
}
server {
	listen 443 ssl;
	server_name ssl.xu;
	ssl_certificate ssl_key/server.crt;
	ssl_certificate_key ssl_key/server.key;
	
	location / {
		proxy_pass http://ssl;
		include proxy_params;
	}
}
server {
	listen 80;
	server_name ssl.xu;
	return 302 https://$http_host$request_uri;或者$server_name
}

server {
	listen 80;
	server_name ssl.xu;
	root /code;
	
	location / {
		index index.html;
	}
}

多if判断请求头响应结果

                if ( $http_appName ~* "^$" ) {
                        return 504;
                        }
                set $flag 0;
                if ( $http_appName !~* "^yqms*" ) {
                        set $flag "${flag}1";
                        }
                if ( $request_uri ~* "^/yqms_\*/" ) {
                        set $flag "${flag}2";
                        }
                if ( $request_uri ~* "^/y\*/" ) {
                        set $flag "${flag}2";
                        }
                if ( $request_uri ~* "^/yqms_\*_\*/" ) {
                        set $flag "${flag}2";
                        }
                if ( $flag = "012" ) {
                        return 504;
                        }

本文标签: RewriteHTTPS

版权声明:本文标题:rewrite https 内容由热心网友自发贡献,该文观点仅代表作者本人, 转载请联系作者并注明出处:https://m.elefans.com/dianzi/1729336330a1197029.html, 本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌抄袭侵权/违法违规的内容,一经查实,本站将立刻删除。