# 配置支持https协议的ssl证书 user nginx; worker_processes 4; error_log /var/log/nginx/ warn; pid /var/run/; events { worker_connections 1024; } http { include /etc/nginx/; default_type application/octet-stream; log_format main '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; access_log /var/log/nginx/ main; sendfile on; tcp_nopush on; keepalive_timeout 60; tcp_nodelay on; fastcgi_connect_timeout 300; fastcgi_send_timeout 300; fastcgi_read_timeout 300; fastcgi_buffer_size 64k; fastcgi_buffers 4 64k; fastcgi_busy_buffers_size 128k; fastcgi_temp_file_write_size 128k; gzip on; gzip_min_length 1k; gzip_buffers 4 16k; gzip_http_version 1.0; gzip_comp_level 2; gzip_types text/plain application/x-javascript text/css application/xml; gzip_vary on; server { listen 443; #监听的端口 server_name 你的域名（不带www）; ssl on; #crt的全路径 ssl_certificate /etc/cert/; #key的全路径 ssl_certificate_key /etc/cert/ ssl_session_timeout 5m; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE; ssl_prefer_server_ciphers on; #这是主页访问地址，因为使用的是静态的html网页，所以直接使用location就可以完成了。 location / { root /usr/share/nginx/html;#站点目录 index ; } location /xxx/ { proxy_pass http://127.0.0.1:8081/xxx/; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } } server { listen 80; #有可能客户端访问的是http，所以需要将http的请求转发到443 server_name 你的域名; rewrite ^/(.*)$ https:/你的域名:443/$1 permanent; } include /etc/nginx//*.conf; }