今天发现了一个问题,就是在反代过程中,https跟http只能单一反代!
不能自适应协议,也不支持协议变量,各种百度啊,两个钟头,测试了各种,都不适用宝塔,
第一种就是建两个server,80与443端口分开。
不过这样代码比较长,不利于维护,第二种,加一个判断,比较简单,宝塔需要手动修改,不能傻瓜设置!
我下面只贴主要代码!

第一种

server
{
    listen 80;
    server_name www.yeguobiji.com yeguobiji.com;
    index index.php index.html index.htm default.php default.htm default.html;
    root /www/wwwroot/www.yeguobiji.com;

    location / 
    {
        proxy_pass http://www.yeguobiji.com;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header REMOTE-HOST $remote_addr;
                
        #持久化连接相关配置
        #proxy_connect_timeout 30s;
        #proxy_read_timeout 86400s;
        #proxy_send_timeout 30s;
        #proxy_http_version 1.1;
        #proxy_set_header Upgrade $http_upgrade;
        #proxy_set_header Connection "upgrade";
        
        add_header X-Cache $upstream_cache_status;
        
        expires 12h;
    }

}
server
{
    listen 443 ssl http2;
    server_name www.yeguobiji.com yeguobiji.com;
    index index.php index.html index.htm default.php default.htm default.html;
    root /www/wwwroot/www.yeguobiji.com;
  • SSL-START SSL相关配置,请勿删除或修改下一行带注释的404规则

    #error_page 404/404.html;
    ssl_certificate    /etc/letsencrypt/live/www.yeguobiji.com/fullchain.pem;
    ssl_certificate_key    /etc/letsencrypt/live/www.yeguobiji.com/privkey.pem;
    ssl_protocols TLSv1.1 TLSv1.2;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;
    error_page 497  https://$host$request_uri;

    location / 
    {

        proxy_pass https://www.yeguobiji.com;

        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header REMOTE-HOST $remote_addr;
                
        #持久化连接相关配置
        #proxy_connect_timeout 30s;
        #proxy_read_timeout 86400s;
        #proxy_send_timeout 30s;
        #proxy_http_version 1.1;
        #proxy_set_header Upgrade $http_upgrade;
        #proxy_set_header Connection "upgrade";
        
        add_header X-Cache $upstream_cache_status;
        
        expires 12h;
    }
}
server
{
    listen 80;
    listen 443 ssl http2;
    server_name www.yeguobiji.com yeguobji.com;
    index index.php index.html index.htm default.php default.htm default.html;
    root /www/wwwroot/www.yeguobiji.com;

    location / 
    {
        if ($server_port = 80){
            proxy_pass http://www.yeguobiji.com;
        }
        if ($server_port = 443){
            proxy_pass https://www.yeguobiji.com;
        }
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header REMOTE-HOST $remote_addr;
             
        #持久化连接相关配置

        #proxy_connect_timeout 30s;
        #proxy_read_timeout 86400s;
        #proxy_send_timeout 30s;
        #proxy_http_version 1.1;
        #proxy_set_header Upgrade $http_upgrade;
        #proxy_set_header Connection "upgrade";
        
        add_header X-Cache $upstream_cache_status;
        
        expires 12h;
    }

}
最后编辑:2020年01月10日 ©著作权归作者所有

发表评论

正在加载 Emoji