由于需要nginx反向代理负载,跳转目录URL会自动被加上非80端口(如9000,当启用https时9000端口号会导致证书错误),需要隐藏。
通过 port_in_redirect off; 可隐藏重定向URL中的端口号。注意:try_files $uri $uri/ @rewrite; 对目录请求会生成301永久重定向,部分浏览器会缓存该重定向,导致新设置看似无效,因此修改配置并重启nginx后需要清除浏览器缓存。
# Backend pool for the TLS-terminating proxy below.
upstream upstream.lenmot {
    # Session stickiness is left disabled. Note that nginx does not allow
    # "backup" servers together with ip_hash, so enabling it would require
    # dropping the backup flag on the second server.
    #ip_hash;

    # Primary backend: taken out of rotation for 5s after 2 failed attempts.
    server 192.168.1.201:9000 weight=5 max_fails=2 fail_timeout=5s;

    # Standby backend: only receives traffic while the primary is unavailable.
    server 192.168.1.202:9000 backup;
}
# Plain-HTTP listener: its only job is to push every request to HTTPS.
server {
    listen 80;
    server_name *.lenmot.com;

    # NOTE(review): $host is taken from the request, and as the only server on
    # port 80 this block also answers requests whose Host does not match
    # server_name. If that matters, add a catch-all default_server that
    # rejects unknown hosts so the redirect target is always a known name.
    return 301 https://$host$request_uri;
}
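# TLS terminator: decrypts client traffic and proxies it to the backend pool
# over plain HTTP on the internal network.
server {
    # "ssl on;" is deprecated and removed in current nginx releases; the ssl
    # flag on listen is the supported, equivalent form.
    listen 443 ssl;
    server_name *.lenmot.com;

    # Keep the private key readable only by root / the nginx master process.
    ssl_certificate /etc/nginx/keys/***.crt;
    ssl_certificate_key /etc/nginx/keys/***.key;

    # TLSv1 and TLSv1.1 are formally deprecated (RFC 8996) and were dropped
    # here. Add TLSv1.3 as well when the installed nginx/OpenSSL support it.
    ssl_protocols TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_ciphers "***";

    location / {
        proxy_pass http://upstream.lenmot;

        # Location headers from the backend are passed through untouched; the
        # backend uses port_in_redirect off so they carry no :9000 suffix.
        proxy_redirect off;

        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        # $proxy_add_x_forwarded_for appends to whatever X-Forwarded-For the
        # client sent, so only the last entry is trustworthy. Backends should
        # use X-Real-IP (or the rightmost XFF value) for access decisions.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # Retry on the next upstream for connection errors and 5xx answers.
        proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;

        # Optional buffer / timeout tuning, disabled by default.
        # proxy_buffer_size 32k;
        # proxy_buffers 4 32k;
        # proxy_busy_buffers_size 64k;
        # proxy_temp_file_write_size 64k;
        #proxy_max_temp_file_size 0;
        #proxy_connect_timeout 90;
        #proxy_send_timeout 90;
        #proxy_read_timeout 90;
    }
}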
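# Backend application server (PHP via FPM) that the TLS proxy forwards to.
server {
    # NOTE(review): this listens on every interface over plain HTTP. Restrict
    # it with a firewall rule or a bound address so that only the proxy can
    # reach port 9000; otherwise clients can bypass TLS and forge the
    # X-Forwarded-* / X-Real-IP headers.
    listen 9000;
    server_name *.lenmot.com;
    root /usr/local/www/lenmot/www;
    index index.php index.html index.htm;

    # Browsers honour HSTS only on HTTPS responses; it takes effect because
    # these responses reach clients through the 443 proxy.
    add_header Strict-Transport-Security "max-age=31536000;includeSubDomains";

    # Keep the internal port (9000) out of nginx-generated redirects, e.g. the
    # 301 issued when a directory is requested without a trailing slash.
    port_in_redirect off;

    try_files $uri $uri/ @rewrite;

    # Front-controller fallback: the unmatched path is handed to index.php
    # in the "s" query parameter.
    location @rewrite {
        rewrite ^/(.*)$ /index.php?s=$1 last;
    }

    # PHP FPM configuration.
    location ~ \.php {
        fastcgi_split_path_info ^(.+\.php)(.*)$;

        # Refuse to hand PHP-FPM a script path that is not a real file under
        # the document root. Without this check a URI that merely ends in
        # ".php" can lead PHP (with cgi.fix_pathinfo enabled) to execute a
        # different, non-PHP file such as an upload.
        if (!-f $document_root$fastcgi_script_name) {
            return 404;
        }

        fastcgi_pass unix:/var/run/php5-fpm.sock;
        fastcgi_index index.php;
        include /etc/nginx/fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    }

    # Never serve .htaccess / .htpasswd style files.
    location ~ /\.ht {
        deny all;
    }
}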