nginx绑定ssl证书

server{
    listen 80;
    server_name notes.fovigor.com;
    rewrite ^(.*)$ https://${server_name}$1 permanent; #设置http自动转发https
    }
    server{
    listen 80;
    server_name locus.fovigor.com;
    rewrite ^(.*)$ https://${server_name}$1 permanent; #设置http自动转发https
    }


    server {
        listen       443 ssl;
        server_name  notes.fovigor.com;

        ssl_certificate      /usr/ssl/notes.fovigor.com_bundle.crt;
        ssl_certificate_key  /usr/ssl/notes.fovigor.com.key;

        ssl_session_cache    shared:SSL:1m;
        ssl_session_timeout  5m;

        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;  #加密套件
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;   #配置协议
        ssl_prefer_server_ciphers  on;
        

        if ($server_port = 80 ) {
                return 301 https://$host$request_uri;
        }
        proxy_set_header Host $host;
          proxy_set_header X-Real-IP $remote_addr;
          proxy_set_header REMOTE-HOST $remote_addr;
          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        
        
        location / {
            proxy_pass http://127.0.0.1:10086;
            
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header REMOTE-HOST $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
        #让http请求重定向到https请求
        error_page 497  https://$host$request_uri;

        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }
    }
    
    
    server {
        listen       443 ssl;
        server_name  locus.fovigor.com;

        ssl_certificate      /usr/ssl/locus.fovigor.com_bundle.crt;
        ssl_certificate_key  /usr/ssl/locus.fovigor.com.key;

        ssl_session_cache    shared:SSL:1m;
        ssl_session_timeout  5m;

        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;  #加密套件
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;   #配置协议
        ssl_prefer_server_ciphers  on;
        

        if ($server_port = 80 ) {
                return 301 https://$host$request_uri;
        }
        proxy_set_header Host $host;
          proxy_set_header X-Real-IP $remote_addr;
          proxy_set_header REMOTE-HOST $remote_addr;
          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        
        
        location / {
            proxy_pass http://127.0.0.1:5555;
            
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header REMOTE-HOST $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
        #让http请求重定向到https请求
        error_page 497  https://$host$request_uri;

        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }
    }