server {
listen 80;
#listen 443 ssl;
server_name *.*.com;
#rewrite ^(.*)$ https://$host$1 permanent;
gzip on;
gzip_static on; # 需要http_gzip_static_module 模块
gzip_min_length 1k;
gzip_comp_level 4;
gzip_proxied any;
gzip_types text/plain text/xml text/css;
gzip_vary on;
gzip_disable "MSIE [1-6]\.(?!.*SV1)";
#ssl_certificate /etc/nginx/cert/wxtest.hfkmyl.com.pem;
#ssl_certificate_key /etc/nginx/cert/wxtest.hfkmyl.com.key;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
add_header Access-Control-Allow-Origin *;
add_header Access-Control-Allow-Methods 'GET, POST, OPTIONS';
add_header Access-Control-Allow-Headers 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization';
client_max_body_size 8M;#(配置请求体缓存区大小, 不配的话)
client_body_buffer_size 128k;#(设置客户端请求体最大值)
fastcgi_intercept_errors on;
# 若新增后端路由前缀注意在此处添加(|新增)
location / {
proxy_pass http://*:8100;
proxy_connect_timeout 150s;
proxy_send_timeout 150s;
proxy_read_timeout 150s;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto http;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
# 避免端点安全问题
if ($request_uri ~ "/actuator"){
return 403;
}
}标签:set,ssl,header,nginx,add,proxy,转发,gzip From: https://blog.51cto.com/u_15460722/6236789