Rewrite must specify the same domain name as the SSL certificate. If the certificate contains WWW, the WWW cannot be omitted
server {
listen 80;
server_name html.cn www.html.cn qh.html.cn;
rewrite ^/(.*)$ https://html.cn:443/$1permanent; # convert HTTP domain name requests to HTTPS}Copy the code
user nginx; worker_processes auto; error_log /var/log/nginx/error.log notice; pid /var/run/nginx.pid; events { worker_connections 65535; The maximum number of open handles in the operating system multi_accept on; # event Use epoll to accept as many connections as possible after receiving a new connection notification; HTTP {include /etc/nginx/mime.types; Default_type application/octet-stream; log_format main '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; access_log /var/log/nginx/access.log main; Enable efficient file transfer mode. Tcp_nopush and tcp_nodelay prevent network and disk I/O congestion and improve nginx working efficiency. sendfile on; # Packets are not immediately sent out. When the maximum number of packets is reached, they are sent out at once, which helps to solve network congestion. tcp_nopush on; Tcp_nodelay on tcp_nodelay on tcp_nodelay on tcp_nodelay on tcp_nodelay on # limit_conn_zone $binary_remote_addr zone= perIP :10m; # limit_conn_zone $server_name zone=perserver:10m; # limit_conn perip 2; # limit_conn perServer 20; # limit_rate 300K; Server_names_hash_bucket_size 128; server_names_hash_max_size 512; Keepalive_timeout 65; client_header_timeout 15s; client_body_timeout 15s; send_timeout 60s; Proxy_cache_path /data/nginx-cache levels=1:2 keys_zone=nginx-cache:20m max_size= 50G Inactive =168h; Client_body_buffer_size 512K; Client_header_buffer_size 4k; client_header_buffer_size 4k; client_max_body_size 512k; large_client_header_buffers 2 8k; proxy_buffer_size 16k; proxy_buffers 4 64k; proxy_busy_buffers_size 128k; proxy_temp_file_write_size 128k; Proxy_next_upstream http_502 http_504 http_404 error timeout inVALID_header; gzip on; gzip_min_length 100k; Gzip_buffers 4 16k from the content-length of the header; # compress buffer size. The default value is to allocate the same size of memory as the original data to store gzip_http_version 1.1. Gzip_comp_level 5 (default 1.1, 1.0 for squid2.5) # Compression ratio. Gzip: specifies the gzip compression ratio. 1 indicates the smallest compression ratio and the fastest processing speed. gzip_types text/plain application/x-javascript text/css application/xml text/javascript application/x-httpd-php image/jpeg image/gif image/png; The "text/ HTML" type will always be compressed. This is the media type discussed in the HTTP Principles section. gzip_vary on; # support. This option lets the front-end cache server cache gzip-compressed pages, such as Squid cache nginx-compressed data gzip_static on; # nginx will match your gzip file first and return gzip_disable "MSIE [1-6] "if not. Gzip IE6 include /etc/nginx/conf.d/*.conf; # config file address}Copy the code
server_tokens off; server { listen 80; server_name html.cn www.html.cn qh.html.cn; rewrite ^/(.*)$ https://html.cn:443/$1 permanent; 443 listen 443 SSL; # Enter the domain name of the binding certificate server_name html.cn www.html.com qh. # certificate file name ssl_certificate/etc/nginx/SSL/HTML. Cn/HTML cn_bundle. CRT; # the private key file name ssl_certificate_key/etc/nginx/SSL/HTML. Cn/HTML. Cn. The key; ssl_session_timeout 5m; Ssl_protocols TLSv1.2 TLSv1.3 ssl_protocols TLSv1.2 Configure the encryption suite as follows, written in accordance with the OpenSSL standard. ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:! aNULL:! MD5:! RC4:! DHE; ssl_prefer_server_ciphers on; Location / {# site home page path. This directory is for reference only. For details, follow the actual directory. For example, if your website runs under /etc/www, enter /etc/www. root /usr/share/nginx/html; index index.html index.htm; # if ($request_filename ~* ^.*? .(gif|jpg|jpeg|png|bmp|swf)$){ # # add_header Cache-Control no-cache; # add_header Cache-Control max-age=1h; # # expires 30d; # } # add_header Cache-Control private; } location ~ .*.(eot|svg|ttf|woff|jpg|jpeg|gif|png|ico|cur|gz|svgz|mp4|ogg|ogv|webm) { proxy_cache nginx-cache; proxy_cache_valid 200 304 302 1h; proxy_cache_key '$host:$server_port$request_uri'; add_header X-Cache '$upstream_cache_status from $host'; Root/usr/share/nginx/html; expires 30d; #} the location ~ 30 days cache. *. (js) | CSS? $ { proxy_cache nginx-cache; proxy_cache_valid 200 304 302 1h; proxy_cache_key '$host:$server_port$request_uri'; add_header X-Cache '$upstream_cache_status from $host'; Root/usr/share/nginx/html; expires 1h; } location ^~/api/ { proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forworded-For $proxy_add_x_forwarded_for; proxy_pass http://localhost:4399/; # redirect Server error pages to the static page /50x.html error_page 500 502 503 504/50x.html; location = /50x.html { root /usr/share/nginx/html; }}Copy the code
Vue optimized articles recommended juejin.cn/post/702393…