作者:亚艾元技术部
使用100.110.10.123 作为默认的主机,使用100.110.10.122作为备份。
upstream mysite { server 100.110.10.122 backup; server 100.110.10.123; } server { listen 80; server_name example.com www.example.com; return 301 https://www.example.com$request_uri; #重定向到Https location / { proxy_pass http://mysite; } } server { listen 443 default ssl; server_name example.com www.example.com; ssl_certificate cert/example.com.pem; ssl_certificate_key cert/example.com.key; ssl_session_timeout 5m; ssl_ciphers ********; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; #charset koi8-r; #access_log /var/log/nginx/host.access.log main; location / { proxy_pass http://mysite; } proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; }
设置https的时候,最好将http重定向到https。
return 301 https://www.example.com$request_uri; #重定向到Https
由于设置了代理,我们需要将客户的原来IP传递到后台服务器:
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;