nginx支持http 和https共存

实验环境:

[root@node03 ~]# cat /etc/redhat-release 

CentOS release 6.6 (Final)

[root@node03 ~]# uname -a

Linux node03 2.6.32-504.el6.x86_64 #1 SMP Wed Oct 15 04:27:16 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux

[root@node03 ~]#

主机IP地址:

ngixn 192.168.112.130

node01 192.168.112.128

node02 192.168.112.129

[root@node03 package]# ll -rth nginx-1.10.2.tar.gz 

-rw-r--r-- 1 root root 890K Dec  7 06:30 nginx-1.10.2.tar.gz

[root@node03 package]# 

nginx安装:

[root@node03 ~]# yum -y install pcre pcre-devel

[root@node03 nginx-1.10.2]#./configure --prefix=/usr/local/product/nginx1.10.2 --user=nginx --group=nginx --with-http_ssl_module --with-http_v2_module --with-http_stub_status_module --with-pcre

[root@node03 ~]# 

配置文件:

[root@node03 conf]# vim nginx.conf

user  root;

worker_processes 4;

#error_log  logs/error.log;

#error_log  logs/error.log  notice;

#error_log  logs/error.log  info;

#pid        logs/nginx.pid;

events {

    worker_connections  1024;

}

http {

    include       mime.types;

    default_type  application/octet-stream;

    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '

    #                  '$status $body_bytes_sent "$http_referer" '

    #                  '"$http_user_agent" "$http_x_forwarded_for"';

    #access_log  logs/access.log  main;

    sendfile        on;

    #tcp_nopush     on;

    #keepalive_timeout  0;

    keepalive_timeout  65;

    #gzip  on;

    server_tokens off;

   include /usr/local/nginx/conf/conf.d/*.conf;

}

[root@node03 conf]#

[root@node03 conf.d]# cat log.cloud.ucode.com.conf 

upstream log_cloud_backend {

        server 192.168.112.128:8080;

       server 192.168.112.129:8080;

}

server {

        listen          80;   #--------------->http请求

        listen          443 ssl;#-------------->https请求

        server_name     log.cloud.ucode.com;

        ssl_certificate       /usr/local/nginx/sslcrt/log/server.crt;#证书

        ssl_certificate_key   /usr/local/nginx/sslcrt/log/server.key;#解密证书的key

        ssl_protocols SSLv2 SSLv3 TLSv1;

        ssl_prefer_server_ciphers on;

        ssl_ciphers ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP; 

        access_log  /usr/local/nginx/logs/log.cloud.ucode.com.log;

        error_log   /usr/local/nginx/logs/error.cloud.ucode.com.log;

        location / {

                proxy_set_header Host $http_host;

                proxy_set_header X-Real-IP $remote_addr;

                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

                proxy_pass http://log_cloud_backend;            

                proxy_http_version 1.1;  

                proxy_set_header Upgrade $http_upgrade;

                proxy_set_header Connection "Upgrade";

                proxy_redirect off;

        }

    }

[root@node03 conf.d]#

具体证书的申请这里就不在详细叙述，网上很多介绍,然后通过如下连接访问即可

http://log.cloud.ucode.com

https://log.cloud.ucode.com