Centos 寶塔面板 配置nginx https 和 websocket 協議
阿新 • • 發佈:2019-05-02
/***配置檔案**/ server { listen 443 ssl; server_name www.ng67.cn; ssl on; index index.php index.html index.htm default.php default.htm default.html; #SSL-START SSL相關配置,請勿刪除或修改下一行帶註釋的404規則 #error_page 404/404.html; #HTTP_TO_HTTPS_END ssl_certificate /etc/letsencrypt/live/www.ng67.cn/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/www.ng67.cn/privkey.pem; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE; ssl_prefer_server_ciphers on; ssl_session_cache shared:SSL:10m; ssl_session_timeout 10m; error_page 497 https://$host$request_uri; #SSL-END #ERROR-PAGE-START 錯誤頁配置,可以註釋、刪除或修改 error_page 404 /404.html; error_page 502 /502.html; #ERROR-PAGE-END #PHP-INFO-START PHP引用配置,可以註釋或修改 #PROXY-START location / { proxy_pass http://www.ng67.cn:8765; } location /ws { proxy_pass http://localhost:8765; proxy_read_timeout 60s; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection 'Upgrade'; } location ~ .*\.(php|jsp|cgi|asp|aspx|flv|swf|xml)?$ { proxy_set_header Host $host/*; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header REMOTE-HOST $remote_addr; proxy_pass http://www.ng67.cn:8765; } location ~ .*\.(html|htm|png|gif|jpeg|jpg|bmp|js|css)?$ { proxy_set_header Host $host/*; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header REMOTE-HOST $remote_addr; proxy_pass http://www.ng67.cn:8765; #快取相關配置 #proxy_cache cache_one; #proxy_cache_key $host$request_uri$is_args$args; #proxy_cache_valid 200 304 301 302 1h; expires 24h; } #PROXY-END include enable-php-00.conf; #PHP-INFO-END #REWRITE-START URL重寫規則引用,修改後將導致面板設定的偽靜態規則失效 include /www/server/panel/vhost/rewrite/www.ng67.cn.conf; #REWRITE-END #禁止訪問的檔案或目錄 location ~ ^/(\.user.ini|\.htaccess|\.git|\.svn|\.project|LICENSE|README.md) { return 404; } #一鍵申請SSL證書驗證目錄相關設定 location ~ \.well-known{ allow all; } access_log /www/wwwlogs/www.ng67.cn.log; error_log /www/wwwlogs/www.ng67.cn.error.log; }
實際上是同SSL 同時實現兩個反向代理:
1,訪問https 時代理到 http://domain:指定埠上
2,訪問 /ws 時http 升級到 wss 協議,反向代理到webs