全站升级https

 

公司要求升级http为https，这个容易。

ws升级为wss坑了。留一份，不然下次查资料心力交瘁。

7台服务统一按这个格式配就行了，我不知道为啥这样配就行了，之前怎么都不对~~

server { # listen 80; #如果需要同时支持http和https listen 443 ssl http2; listen [::]:443 ssl http2; ssl_certificate /etc/nginx/key/STAR.xxx.crt; ssl_certificate_key /etc/nginx/key/STAR.xxx.key; ssl_session_cache shared:SSL:1m; ssl_session_timeout 10m; ssl_ciphers HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on; server_name {域名1}; location / { proxy_pass http://{ip1}:{port1}; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; } } #================================================================================= server { # listen 80; #如果需要同时支持http和https listen 443 ssl http2; listen [::]:443 ssl http2; ssl_certificate /etc/nginx/key/STAR.xxx.crt; ssl_certificate_key /etc/nginx/key/STAR.xxx.key; ssl_session_cache shared:SSL:1m; ssl_session_timeout 10m; ssl_ciphers HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on; server_name {域名2}; location / { proxy_pass http://{ip2}:{port2}; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; } } #================================================================================= server { # listen 80; #如果需要同时支持http和https listen 443 ssl http2; listen [::]:443 ssl http2; ssl_certificate /etc/nginx/key/STAR.xxx.crt; ssl_certificate_key /etc/nginx/key/STAR.xxx.key; ssl_session_cache shared:SSL:1m; ssl_session_timeout 10m; ssl_ciphers HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on; server_name {域名3}; location / { proxy_pass http://{ip3}:{port3}; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; } } #================================================================================= server { # listen 80; #如果需要同时支持http和https listen 443 ssl http2; listen [::]:443 ssl http2; ssl_certificate /etc/nginx/key/STAR.xxx.crt; ssl_certificate_key /etc/nginx/key/STAR.xxx.key; ssl_session_cache shared:SSL:1m; ssl_session_timeout 10m; ssl_ciphers HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on; server_name {域名4}; location / { proxy_pass http://{ip4}:{port4}; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; } } #================================================================================= server { # listen 80; #如果需要同时支持http和https listen 443 ssl http2; listen [::]:443 ssl http2; ssl_certificate /etc/nginx/key/STAR.xxx.crt; ssl_certificate_key /etc/nginx/key/STAR.xxx.key; ssl_session_cache shared:SSL:1m; ssl_session_timeout 10m; ssl_ciphers HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on; server_name {域名5}; location / { proxy_pass http://{ip5}:{port5}; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; } } #================================================================================= server { # listen 80; #如果需要同时支持http和https listen 443 ssl http2; listen [::]:443 ssl http2; ssl_certificate /etc/nginx/key/STAR.xxx.crt; ssl_certificate_key /etc/nginx/key/STAR.xxx.key; ssl_session_cache shared:SSL:1m; ssl_session_timeout 10m; ssl_ciphers HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on; server_name {域名6}; location / { proxy_pass http://{ip6}:{port6}; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; } } #================================================================================= server { # listen 80; #如果需要同时支持http和https listen 443 ssl http2; listen [::]:443 ssl http2; ssl_certificate /etc/nginx/key/STAR.xxx.crt; ssl_certificate_key /etc/nginx/key/STAR.xxx.key; ssl_session_cache shared:SSL:1m; ssl_session_timeout 10m; ssl_ciphers HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on; server_name {域名7}; location / { proxy_pass http://{ip7}:{port7}; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; } }

！！真的该去吃饭了