Nginx搭建反向代理服务器

### default.conf配置 外部访问支持http和https，但是nginx内部统一把请求转换成https转发出去 ``` server { listen 80; server_name sunfj.cn; ## root www/mimvp_proxy; rewrite ^(.*)host$1 permanent;##强制http转https请求 } server { listen 443 ssl http2; server_name xxx.cn; ## root www/mimvp_proxy; ssl on; ssl_certificate /etc/ssl/certs/xxx.crt; ssl_certificate_key /etc/ssl/certs/xxx.key; ssl_session_cache shared:SSL:1m; ssl_session_timeout 10m; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE; ssl_prefer_server_ciphers on; location / { 　　　　proxy_pass /*proxy address*/; } location ~ .do$ { 　　　　proxy_pass /*proxy address*/; } location ~* ^/(images|img|javascript|js|css|blog|flash|media|static)/ { proxy_pass /*proxy address*/; } location ~* ^/favicon\.ico { proxy_pass /*proxy address*/; } location ~* ^/img/logo\.png { proxy_pass /*proxy address*/; } location ~ /\.ht { deny all; } } ``` ### nginx.conf配置 - 转发请求对应的header参数：underscores_in_headers on; - 超时时间配置(全局)： ``` fastcgi_connect_timeout 300; fastcgi_send_timeout 300; fastcgi_read_timeout 300; fastcgi_buffer_size 64k; fastcgi_buffers 4 64k; fastcgi_busy_buffers_size 128k; fastcgi_temp_file_write_size 128k; ``` ### docker操作 - 启动Nginx命令： ``` docker run --name some-nginx -v /some/content:/usr/share/nginx/html:ro -d nginx ``` - 反向代理启动命令： ``` docker run --name nginx -p 80:80 -p 443:443 -v /homehttps://img.qb5200.com/download-x/data/nginx/nginx.conf:/etc/nginx/nginx.conf -v /homehttps://img.qb5200.com/download-x/data/nginx/conf.d:/etc/nginx/conf.d -v /etc/ssl/certs:/etc/ssl/certs -d nginx ```