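The HTML pages of one of our company's projects were being injected with all kinds of ads. After looking into it, I was fairly sure the cause was DNS hijacking. The fix is to move from plain HTTP requests to HTTPS with certificate-based encryption. However, earlier versions cannot have their HTTP access cut off, so with HTTPS enabled, HTTP is redirected to it. Certificate setup is not covered here.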
nginx version: 1.2.1
Configuration:
HTTPS configuration
server {
    listen 443;
    server_name xxx.xxx.com;
    index / ;
    root /software/xxx/webapps;
    set $root 'xxx';
    location /
    {
        proxy_redirect off;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        client_max_body_size 10m;
        client_body_buffer_size 128k;
        proxy_connect_timeout 90;
        proxy_send_timeout 90;
        proxy_read_timeout 90;
        proxy_buffer_size 4k;
        proxy_buffers 4 32k;
        proxy_busy_buffers_size 64k;
        proxy_temp_file_write_size 64k;
        proxy_pass http://xxx.test;
    }
    # Static/dynamic separation: the static files matched here are served directly from the Nginx publish directory.
    location ~ .*\.(html|htm|gif|jpg|jpeg|bmp|png|ico|txt|js|css|xls|xml|OTF|ttf)$
    {
        root /software/xxx/webapps;
        # expires sets the browser cache lifetime to 3 days; if the static pages rarely change, a longer value saves bandwidth and reduces server load.
        expires 3d;
    }
    ssl on;
    ssl_certificate /etc/letsencrypt/live/xxx.xxx.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/xxx.xxx.com/privkey.pem;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers AESGCM:ALL:!DH:!EXPORT:!RC4:+HIGH:!MEDIUM:!LOW:!aNULL:!eNULL;
    ssl_prefer_server_ciphers on;
}
upstream xxx.test {
    server 10.xx.xx.156:8888 max_fails=3 fail_timeout=30s;
}
HTTP configuration
server {
    listen 80;
    server_name xxx.xxx.com;
    rewrite ^/(.*) https://$server_name$request_uri? permanent;
}
Put both server blocks in the same configuration file and include it from nginx.conf.
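
An added example, not part of the original post: the TLS and redirect directives from the configuration above next to a tightened variant. It assumes every client that must connect supports TLS 1.2; the HSTS max-age value is an illustrative choice, and the xxx placeholders are the post's own.

```nginx
# Added example (not the original author's config). Only the directives that
# change are shown; the location blocks and the upstream stay as in the post.

server {
    listen 443 ssl;     # replaces "listen 443;" + "ssl on;"
                        # (the ssl directive is obsolete since nginx 1.15.0)
    server_name xxx.xxx.com;

    ssl_certificate     /etc/letsencrypt/live/xxx.xxx.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/xxx.xxx.com/privkey.pem;

    # Before: ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    # TLS 1.0 and 1.1 are deprecated (RFC 8996). Assumption: all clients that
    # must connect support TLS 1.2. On nginx 1.13.0+ built against
    # OpenSSL 1.1.1+, TLSv1.3 can be appended.
    ssl_protocols TLSv1.2;

    # Before: ssl_ciphers AESGCM:ALL:!DH:!EXPORT:!RC4:+HIGH:!MEDIUM:!LOW:!aNULL:!eNULL;
    # "ALL" starts from every suite and depends on the exclusions after it.
    # Starting from HIGH keeps the list explicit; the post's !DH exclusion
    # is kept.
    ssl_ciphers HIGH:!DH:!aNULL:!eNULL:!MD5;
    ssl_prefer_server_ciphers on;

    # The port-80 redirect is itself sent in clear text, so the first request
    # can still be tampered with in transit. HSTS tells browsers that have
    # reached the site over HTTPS once to skip HTTP on later visits.
    # max-age is in seconds (assumed value: 1 day; raise it once the HTTPS
    # site is known to be stable).
    add_header Strict-Transport-Security "max-age=86400";

    # ... location blocks from the post go here ...
}

server {
    listen 80;
    server_name xxx.xxx.com;
    # Same redirect as the post's rewrite rule, without a regex match.
    return 301 https://$server_name$request_uri;
}
```

HSTS only affects browsers; older clients that still request http:// URLs keep receiving the 301 redirect.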