通过nginx实现ecology9系统的https访问
提供一个在项目中使用的有效的nginx配置文件
泛微 / Ecology9
端口说明
- 88:OA网页端访问端口 http
- 443:OA网页端访问端口 https
- 8999:OA移动端外部地址 http
- 8992: OA移动端外部地址 https
- 7070:PC客户端连接端口 http
- 7071: PC客户端连接端口 https
- 5222: 移动客户端连接端口 http
- 5224: 移动客户端连接端口 https
域名信息
- server_name example.com;
证书信息
- ssl_certificate fullchain.pem;
- ssl_certificate_key privkey.key;
使用说明
- 备份原有nginx.conf文件,文件位于:nginx安装目录/conf目录下。
- 创建nginx.conf文件,并复制下方代码内容,按需调整端口信息、域名、证书信息。
- 修改https域名证书文件名为:fullchain.pem、privkey.key或自定义调整后的文件名称 ,并复制文件至:nginx安装目录/conf目录下或ssl_certificate、ssl_certificate_key对应路径下。
- 配置内容
worker_processes 4; error_log logs/error.log; worker_rlimit_nofile 65535; events { worker_connections 10024; } http { upstream ecologycluster{ #sticky; server 127.0.0.1:88; } include mime.types; default_type application/octet-stream; sendfile on; keepalive_timeout 65; client_max_body_size 1000M; client_body_buffer_size 128K; fastcgi_connect_timeout 300s; fastcgi_send_timeout 300s; fastcgi_read_timeout 300s; fastcgi_buffer_size 128k; fastcgi_buffers 8 128k;#8 128 fastcgi_busy_buffers_size 256k; fastcgi_temp_file_write_size 256k; fastcgi_intercept_errors on; server { listen 443 ssl; server_name example.com; ssl_certificate fullchain.pem; ssl_certificate_key privkey.key; #http跳转https #rewrite ^(.*) https://$server_name$1 permanent; location /mobilemode/mobile/view.html { if ($query_string ~* "appHomepageId=17&.*mTokenFrom=anonymous&.*mToken=194558FC468E28FCEFCEA25D3C249CFE") { rewrite ^ /experts permanent; } } location / { root html; index index.html index.htm index.jsp; proxy_pass http://ecologycluster; proxy_read_timeout 3600; proxy_send_timeout 3600; proxy_buffer_size 128k; proxy_buffers 32 32k; proxy_busy_buffers_size 128k; proxy_redirect http:// $scheme://; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Real-IP $remote_addr; proxy_set_header Host $http_host; } # redirect server error pages to the static page /50x.html error_page 500 502 503 504 /50x.html; location = /50x.html { root html; } } upstream emobile7 { server 127.0.0.1:8999; } server { listen 8992 ssl; server_name example.com; ssl_certificate fullchain.pem; ssl_certificate_key privkey.key; ssl_session_cache shared:SSL:1m; ssl_session_timeout 5m; ssl_ciphers HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on; location / { root html; index index.html index.htm; proxy_pass http://emobile7; proxy_redirect http:// $scheme://; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } } upstream msg7_7070 { server 127.0.0.1:7070; } server { listen 7071 ssl; server_name example.com; ssl_certificate fullchain.pem; ssl_certificate_key privkey.key; location / { root html; index index.html index.htm; proxy_pass http://msg7_7070; proxy_read_timeout 3600; proxy_send_timeout 3600; proxy_redirect http:// $scheme://; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; } } } stream { upstream msg7_5222 { server 127.0.0.1:5222; } server { listen 5224 ssl; ssl_certificate fullchain.pem; ssl_certificate_key privkey.key; ssl_ciphers HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on; proxy_pass msg7_5222; } }
nginx-win 关闭所有进程脚本
- 创建文件例如:关闭.bat,复制下方代码保存后双击执行
taskkill /f /t /im nginx.exe