作者:亚艾元技术部
使用100.110.10.123 作为默认的主机,使用100.110.10.122作为备份。
upstream mysite {
server 100.110.10.122 backup;
server 100.110.10.123;
}
server {
listen 80;
server_name example.com www.example.com;
return 301 https://www.example.com$request_uri; #重定向到Https
location / {
proxy_pass http://mysite;
}
}
server {
listen 443 default ssl;
server_name example.com www.example.com;
ssl_certificate cert/example.com.pem;
ssl_certificate_key cert/example.com.key;
ssl_session_timeout 5m;
ssl_ciphers ********;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
#charset koi8-r;
#access_log /var/log/nginx/host.access.log main;
location / {
proxy_pass http://mysite;
}
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
设置https的时候,最好将http重定向到https。
return 301 https://www.example.com$request_uri; #重定向到Https
由于设置了代理,我们需要将客户的原来IP传递到后台服务器:
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
