- 前端的 nginx 监听 443 端口
- 后端的其它服务只能监听 443 之外的端口
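# HTTPS virtual host for mm-wiki. TLS connections accepted by the stream
# listener on 443 are relayed to 127.0.0.1:2443 and terminated here.
server {
    # NOTE(review): both listeners accept connections on every interface, so
    # port 2443 is also reachable directly unless a firewall blocks it. If only
    # the local stream proxy should connect, "listen 127.0.0.1:2443 ssl;" is
    # sufficient. Confirm nothing else depends on direct access first.
    listen 2443 ssl;
    listen [::]:2443 ssl;
    server_name mmwiki.fengbohello.top;

    # Connections relayed by the stream proxy arrive from 127.0.0.1, so
    # $remote_addr in this log is the proxy and not the real client.
    access_log /var/log/nginx/mm-wiki.access.log;
    error_log /var/log/nginx/mm-wiki.error.log;

    ssl_certificate /etc/nginx/conf.d/certfile/mmwiki.fengbohello.top/Nginx/1_mmwiki.fengbohello.top_bundle.crt;
    # Private key: keep the file readable by root only.
    ssl_certificate_key /etc/nginx/conf.d/certfile/mmwiki.fengbohello.top/Nginx/2_mmwiki.fengbohello.top.key;

    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout 5m;
    # Pin the protocol versions instead of inheriting the built-in default,
    # which on older nginx releases still enables TLSv1 and TLSv1.1.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;

    location / {
        proxy_redirect off;
        # Without an explicit Host header nginx sends the upstream address
        # (172.17.0.1:35888), which the backend may echo into redirects and
        # links. $server_name is the configured name, not a client-supplied one.
        proxy_set_header Host $server_name;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass http://172.17.0.1:35888;
    }
}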
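# Plain-HTTP virtual host: its only job is to send clients to the HTTPS site.
server {
    listen 80;
    listen [::]:80;
    server_name mmwiki.fengbohello.top;

    access_log /var/log/nginx/mm-wiki.access.log;
    error_log /var/log/nginx/mm-wiki.error.log;

    # Keep the requested path and query string in the redirect. The previous
    # rewrite captured the URI but never used it, so every path was sent to the
    # site root. The host name is fixed rather than taken from the request, so
    # a forged Host header cannot steer the redirect.
    return 301 https://mmwiki.fengbohello.top$request_uri;
}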
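# Layer-4 multiplexer: SSH and HTTPS share port 443.
# stream {} belongs at the top level of nginx.conf, next to http {}, not inside it.
stream {
    # This is the only layer that sees the real client address: sshd and the
    # HTTPS vhost both see nginx as the peer. Log it here so that connections
    # can still be attributed, and so that source-based controls on the SSH
    # side are not relied on blindly.
    log_format mux '$remote_addr [$time_iso8601] preread="$ssl_preread_protocol" '
                   'upstream=$upstream_addr status=$status '
                   'sent=$bytes_sent received=$bytes_received time=$session_time';
    # Example file name; place it wherever the other nginx logs are collected.
    access_log /var/log/nginx/stream-443.access.log mux;

    upstream ssh {
        server 172.17.0.1:22;
    }

    upstream web {
        server 127.0.0.1:2443;
    }

    # $ssl_preread_protocol is empty when the first bytes are not a TLS
    # ClientHello. Those connections go to sshd, which means every non-TLS
    # client on 443 reaches the SSH daemon. Any recognised TLS version goes to
    # the HTTPS vhost (the former explicit "TLSv1.2" entry was already covered
    # by the default).
    map $ssl_preread_protocol $upstream {
        ""      ssh;
        default web;
    }

    # SSH and SSL on the same port
    server {
        listen 443;
        ssl_preread on;
        proxy_pass $upstream;
    }
}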