- server {
- listen 9090;
- listen 80;
- listen 443 ssl;
- server_name oa.sss.ltd www.sss.ltd sss.ltd;
- client_max_body_size 1000M;
- #ssl on;
- ssl_certificate /usr/local/openresty/nginx/cert/7872169__sss.ltd.pem;
- ssl_certificate_key /usr/local/openresty/nginx/cert/7872169__sss.ltd.key;
- ssl_session_timeout 5m;
- ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
- ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
- ssl_prefer_server_ciphers on;
- root /home/web/hhmis;
-
- location / {
- try_files $uri $uri/ /index.html;
- }
-
- location ~* ^.+\.(ico|gif|jpg|jpeg|png)$ {
- access_log off;
- expires 30d; #天
- }
-
- location ~* ^.+\.(css|js|txt|xml|swf|wav)$ {
- access_log off;
- expires 24h; #小时
- }
-
- location ~* ^.+\.(html|htm)$ {
- expires 1h;
- }
-
- error_page 500 502 503 504 /50x.html;
- location = /50x.html {
- root html;
- }
-
- }
server_name中默认有localhost,因此上面用nginx的ip访问9090端口也是通的,另外80和443的localhost没有单独配置因此默认会走最上面第一个配置80和443的配置
这错误是因为配置多端口时配置默认开启ssl导致的
采用下面的配置即可以支持多端口又避免全部走https
- server {
- listen 8080;
- listen 443 ssl;
- server_name acb.ttt.gg;
- charset UTF-8;
- #ssl on;
- ssl_certificate /ssl/acb.ttt.gg.pem;
- ssl_certificate_key /ssl/acb.ttt.gg.key;
- ssl_session_timeout 5m;
- ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
- ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
- 配置域名53443支持https,但是这样就不能http加域名拼接端口了,因为同一个域名下同一端口只能一种协议
- server {
- listen 443 ssl http2;
- listen 53443 ssl http2;
- server_name eee.sss.ltd;
-
- server {
- listen 80;
- server_name *.easex.cn;
- return 301 https://$http_host$request_uri;
- }