一台机器上的nginx配置多个SSL域名-nginx-复制代码（fuzhicode.com）

【原创】一台机器上的nginx配置多个SSL域名

作者: whooyun发表于: 2018-11-15 17:05
#user  root;
worker_processes  1;

#error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;

#pid        logs/nginx.pid;


events {
    worker_connections  1024;
}


http {
    include       mime.types;
    default_type  application/octet-stream;

    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
    #                  '$status $body_bytes_sent "$http_referer" '
    #                  '"$http_user_agent" "$http_x_forwarded_for"';

    #access_log  logs/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    #keepalive_timeout  0;
    keepalive_timeout  65;

    #gzip  on;

	 server {
        listen       80;
        server_name  tt.com www.tt.com;

        #charset koi8-r;

        #access_log  logs/host.access.log  main;
        #
        ssl_certificate      /etc/letsencrypt/live/tt.com/fullchain.pem;
        ssl_certificate_key  /etc/letsencrypt/live/tt.com/privkey.pem;

        ssl_session_cache    shared:SSL:1m;
        ssl_session_timeout  5m;

		
        location / {
            root   /usr/local/panda/front/dist/;
            index  index.html;
        }

        #error_page  404              /404.html;

        # redirect server error pages to the static page /50x.html
        #
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }
    }
   
    server {
        listen       443;
        server_name  merchant.xnyg.com;

        #charset koi8-r;

        #access_log  logs/host.access.log  main;
        #
        ssl_certificate      /etc/letsencrypt/live/tt.com/fullchain.pem;
        ssl_certificate_key  /etc/letsencrypt/live/tt.com/privkey.pem;

        ssl_session_cache    shared:SSL:1m;
        ssl_session_timeout  5m;

		
        location / {
            root   /usr/local/panda/merchant/dist/;
            index  index.html;
        }

        #error_page  404              /404.html;

        # redirect server error pages to the static page /50x.html
        #
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }
    }
	
	


    # HTTPS server
    
    server {
        listen       443 ssl;
        server_name  api.tt.com;

        ssl_certificate      /etc/letsencrypt/live/tt.com/fullchain.pem;
        ssl_certificate_key  /etc/letsencrypt/live/tt.com/privkey.pem;

        ssl_session_cache    shared:SSL:1m;
        ssl_session_timeout  5m;

        location / {
	#            root   html;
         #   index  index.html index.htm;
			 proxy_redirect          off;    
             proxy_set_header        X-Real-IP       $remote_addr;    
             proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;    
             client_max_body_size    10m;    
             client_body_buffer_size 128k;    
             proxy_buffers           32 4k;  
             proxy_connect_timeout   90;    
             proxy_send_timeout      90;    
             proxy_read_timeout      90;    
             proxy_pass              http://localhost:8090;  
       }
    }

}