nginx增加https ssl 及判断手机浏览器
#user nobody;
worker_processes 4;
#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
#pid logs/nginx.pid;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
server_tokens off;
fastcgi_intercept_errors on;
error_page 502 = /index.html;
log_format main '$remote_addr $cookie_logCookie $cookie_loginId [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for" '
'$request_time $upstream_response_time';
access_log logs/access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
gzip on;
gzip_min_length 1K;
gzip_buffers 4 16k;
gzip_http_version 1.1;
gzip_comp_level 2;
gzip_types text/plain application/x-javascript text/css application/xml;
gzip_vary on;
proxy_set_header X-Nginx-Scheme $scheme;
client_max_body_size 300m;
proxy_headers_hash_bucket_size 1024;
proxy_headers_hash_max_size 512;
server
{
listen 80;
server_name s.test.com;
rewrite ^(.*)$ https://s.test.com permanent;
# charset utf-8,gbk;
# location /
# {
# index index.html index.htm index.jsp;
# proxy_pass http://;
# proxy_redirect off;
# }
}
server
{
listen 80;
server_name en.test.com;
rewrite ^(.*)$ https://en.test.com permanent;
# charset utf-8,gbk;
# location /
# {
# index index.html index.htm index.jsp;
# proxy_pass http://;
# proxy_redirect off;
# }
}
server
{
listen 80;
server_name mall.test.com;
rewrite ^(.*)$ https://mall.test.com$1 permanent;
# charset utf-8,gbk;
# location /
# {
# index index.html index.htm index.jsp;
# proxy_pass http://;
# proxy_redirect off;
# }
}
server
{
listen 80;
server_name cn.test.com;
rewrite ^(.*)$ https://mall.test.com permanent;
# charset utf-8,gbk;
# location /
# {
# index index.html index.htm index.jsp;
# proxy_pass http://;
# proxy_redirect off;
# }
}
server
{
listen 80;
server_name m.test.com;
rewrite ^(.*)$ https://mall.test.com permanent;
# charset utf-8,gbk;
# location /
# {
# index index.html index.htm index.jsp;
# proxy_pass http://;
# proxy_redirect off;
# }
}
server
{
listen 80;
server_name piwik.test.com;
rewrite ^(.*)$ https://piwik.test.com permanent;
# charset utf-8,gbk;
# location /
# {
# index index.html index.htm index.jsp;
# proxy_pass http://;
# proxy_redirect off;
# }
}
server
{
listen 80;
server_name ~^.*\.test\.com$ www.test.com;
rewrite ^(.*)$ https://www.test.com$1 permanent;
# charset utf-8,gbk;
# location /
# {
# index index.html index.htm index.jsp;
# proxy_pass http://;
# proxy_redirect off;
# }
}
server
{
listen 443 ssl;
server_name s.test.com;
ssl on;
ssl_certificate /usr/local/nginx/conf/testcomClass2.crt;
ssl_certificate_key /usr/local/nginx/conf/testcomClass2.key;
ssl_session_timeout 5m;
ssl_protocols SSLv2 SSLv3 TLSv1;
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
ssl_prefer_server_ciphers on;
charset utf-8,gbk;
location ^~ /upgrade/
{
index index.html index.htm index.jsp;
proxy_pass http://10.1.211.87:8089/;
proxy_redirect off;
}
location /
{
index index.html index.htm index.jsp;
if ($request_uri ~* \.(css|js|gif|png|jpg|jpeg))
{
add_header Cache-Control "max-age=2592000";
}
proxy_pass http://10.1.210.10:7002;
# proxy_set_header Host $host;
# proxy_set_header X-Real-IP $remote_addr;
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
server
{
listen 443 ssl;
server_name en.test.com;
ssl on;
ssl_certificate /usr/local/nginx/conf/testcomClass2.crt;
ssl_certificate_key /usr/local/nginx/conf/testcomClass2.key;
ssl_session_timeout 5m;
ssl_protocols SSLv2 SSLv3 TLSv1;
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
ssl_prefer_server_ciphers on;
charset utf-8,gbk;
location /
{
index index.html index.htm index.jsp;
if ($request_uri ~* \.(css|js|gif|png|jpg|jpeg))
{
add_header Cache-Control "max-age=2592000";
}
proxy_pass http://en.test.com;
# proxy_set_header Host $host;
# proxy_set_header X-Real-IP $remote_addr;
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
server
{
listen 443 ssl;
server_name mall.test.com;
ssl on;
ssl_certificate /usr/local/nginx/conf/testcomClass2.crt;
ssl_certificate_key /usr/local/nginx/conf/testcomClass2.key;
ssl_session_timeout 5m;
ssl_protocols SSLv2 SSLv3 TLSv1;
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
ssl_prefer_server_ciphers on;
charset utf-8,gbk;
location /
{
index index.html index.htm index.jsp;
if ($request_uri ~* \.(css|js|gif|png|jpg|jpeg))
{
add_header Cache-Control "max-age=2592000";
}
proxy_pass http://mall.test.com;
# proxy_set_header Host $host;
# proxy_set_header X-Real-IP $remote_addr;
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
server
{
listen 443 ssl;
server_name cn.test.com;
rewrite ^(.*)$ https://mall.test.com permanent;
}
server
{
listen 443 ssl;
server_name m.test.com;
rewrite ^(.*)$ https://mall.test.com permanent;
}
server
{
listen 443 ssl;
server_name piwik.test.com;
ssl on;
ssl_certificate /usr/local/nginx/conf/testcomClass2.crt;
ssl_certificate_key /usr/local/nginx/conf/testcomClass2.key;
ssl_session_timeout 5m;
ssl_protocols SSLv2 SSLv3 TLSv1;
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
ssl_prefer_server_ciphers on;
charset utf-8,gbk;
location /
{
index index.html index.htm index.jsp;
if ($request_uri ~* \.(css|js|gif|png|jpg|jpeg))
{
add_header Cache-Control "max-age=2592000";
}
proxy_pass http://piwik.test.com;
}
}
server
{
listen 443 ssl;
server_name ~^.*\.test\.com$ www.test.com;
ssl on;
ssl_certificate /usr/local/nginx/conf/testcomClass2.crt;
ssl_certificate_key /usr/local/nginx/conf/testcomClass2.key;
ssl_session_timeout 5m;
ssl_protocols SSLv2 SSLv3 TLSv1;
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
ssl_prefer_server_ciphers on;
charset utf-8,gbk;
location /
{
index index.html index.htm index.jsp;
if ($request_uri ~* \.(css|js|gif|png|jpg|jpeg))
{
add_header Cache-Control "max-age=2592000";
}
if ( $http_user_agent ~* "Mobile" ){
proxy_pass http://10.1.210.10:7002;
}
proxy_pass http://www.test.com;
}
}
}