我想知道是否可以就我的 nginx 配置获得一些建议。配置似乎正在工作,但我不确定我是否正确地做所有事情。基本思想是在同一台机器上运行 Jira 和 Confluence 服务器(在不同的 Tomcat 实例中),前面有 nginx 来处理两者的 SSL。我只希望与 Jira/Confluence 建立 SSL 连接。Jira 在 127.0.0.1:9090 上运行,Confluence 在 127.0.0.1:8080 上运行。这是我的 nginx.conf,任何建议或提示将不胜感激。
user nginx;
worker_processes 1;
error_log /var/log/nginx/error.log;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] $request '
'"$status" $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
#gzip on;
# Load config files from the /etc/nginx/conf.d directory
include /etc/nginx/conf.d/*.conf;
# Our self-signed cert
ssl_certificate /etc/ssl/certs/fissl.crt;
ssl_certificate_key /etc/ssl/private/fissl.key;
# redirect non-ssl Confluence to ssl
server {
listen 80;
server_name confluence.example.com;
rewrite ^(.*) https://confluence.example.com$1 permanent;
}
# redirect non-ssl Jira to ssl
server {
listen 80;
server_name jira.example.com;
rewrite ^(.*) https://jira.example.com$1 permanent;
}
#
# The Confluence server
#
server {
listen 443;
server_name confluence.example.com;
ssl on;
access_log /var/log/nginx/confluence.access.log main;
error_log /var/log/nginx/confluence.error.log;
location / {
proxy_pass http://127.0.0.1:8080;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header Host $http_host;
}
error_page 404 /404.html;
location = /404.html {
root /usr/share/nginx/html;
}
redirect server error pages to the static page /50x.html
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
}
#
# The Jira server
#
server {
listen 443;
server_name jira.example.com;
ssl on;
access_log /var/log/nginx/jira.access.log main;
error_log /var/log/nginx/jira.error.log;
location / {
proxy_pass http://127.0.0.1:9090/;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header Host $http_host;
}
error_page 404 /404.html;
location = /404.html {
root /usr/share/nginx/html;
}
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
}
}
看起来不错,但是,如果您直接从 nginx 提供静态文件(图像、css 等)而不是将其代理到 tomcat,您可能会获得更好的性能。