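server {
    listen 443 ssl;
    # Host name(s) the certificate is issued for. "域名/子域名" (domain/subdomain)
    # is a placeholder; replace it with the real name(s).
    server_name 域名/子域名;

    # Log files
    access_log /srv/logs/nginx/xxx_access.log;
    error_log /srv/logs/nginx/xxx_error.log error;

    # Certificate chain file
    ssl_certificate /etc/nginx/certs/chat.mayanan.cn_nginx/chat.mayanan.cn_bundle.crt;
    # Private key file; it should be readable only by the account that starts nginx.
    ssl_certificate_key /etc/nginx/certs/chat.mayanan.cn_nginx/chat.mayanan.cn.key;

    ssl_session_timeout 60m;
    ssl_protocols TLSv1.2 TLSv1.3;
    # TLS 1.2 suites are limited to ECDHE key exchange with AEAD ciphers. The
    # earlier list (...:ECDH:AES:HIGH:...) also admitted CBC-mode suites and
    # static-RSA key exchange, which gives no forward secrecy. Clients that
    # support none of these suites will fail the handshake, so check the client
    # population before deploying.
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
    ssl_prefer_server_ciphers on;

    # Optional: once every name served here is HTTPS-only, HSTS keeps browsers
    # from using the plain-HTTP redirect on later visits.
    # add_header Strict-Transport-Security "max-age=31536000" always;

    location / {
        # nginx runs inside Docker, so 127.0.0.1 is the container itself and not
        # the host; the upstream is addressed by its internal IP instead.
        # proxy_pass http://127.0.0.1:8000/;
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        # $proxy_add_x_forwarded_for appends to whatever X-Forwarded-For the
        # client sent, so the backend must trust only the last entry (or
        # X-Real-IP) for logging, rate limiting or access decisions.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # Tells the backend the client connection was HTTPS (TLS ends here).
        proxy_set_header X-Forwarded-Proto $scheme;
        # "内网IP:PORT" (internal IP:port) is a placeholder for the upstream address.
        proxy_pass http://内网IP:PORT;
    }

    # WebSocket endpoint
    location ^~ /chat {  # URL on which HTTP is upgraded to WebSocket
        proxy_pass http://内网IP:PORT;
        # WebSocket support: the upgrade handshake needs HTTP/1.1, and the
        # hop-by-hop Upgrade/Connection headers must be forwarded explicitly.
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection upgrade;
        # The headers set in "location /" do not apply to this location. Without
        # them the backend sees the proxy_pass address as Host and has no client
        # IP for its logs.
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        # Close the proxied connection if the backend sends nothing for one hour.
        proxy_read_timeout 3600s;
        # NOTE(review): blanking Origin was added as a workaround for a 403 from
        # the backend on the WebSocket handshake. It also removes the backend's
        # ability to check which site opened the socket. If the handshake is
        # authenticated by cookies, any web page can then open an authenticated
        # socket from a visitor's browser. The 403 may have come from Host not
        # being forwarded to this location (Origin host differing from Host).
        # With Host now set above, try removing this line and confirm the
        # handshake still succeeds. If it has to stay, enforce an allow-list of
        # expected origins here or in the backend.
        proxy_set_header Origin "";
    }
}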
server {
    # Plain-HTTP listener: serves no content and only redirects to HTTPS.
    listen 80;
    # "域名/子域名" (domain/subdomain) is a placeholder for the real host name(s).
    server_name 域名/子域名;

    # Permanent redirect of every HTTP request to the same host and URI on HTTPS.
    # NOTE(review): $host is taken from the request (request line or Host
    # header). If this block ever acts as the default server for port 80, the
    # redirect target follows whatever host the client sent. Keep a separate
    # catch-all default server, or redirect to a fixed name, if that matters.
    return 301 https://$host$request_uri;
}