2.5 vhost_SSL.conf
couplewith edited this page Mar 7, 2018
·
1 revision
vhost_SSL.conf
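# HTTPS virtual host: terminates TLS on 443 and reverse-proxies the log
# collection endpoints (/clog, /elog), Elasticsearch (/es), Kibana (/trend4)
# and the rrd service (/rrd) to named upstreams defined outside this file.
# Everything else is served as static files from /data/logminor/eslog_www.
server {
    # "listen ... ssl" replaces the older "ssl on;" directive, which is
    # deprecated and has been removed from current nginx releases.
    listen 443 ssl;
    server_name localhost es.interpark.com 22.21.5.205 22.21.5.206 21.23.7.68 21.23.7.69 21.23.7.70;
    #charset koi8-r;

    ############## SSL CONF ##################################################
    ssl_certificate /usr/local/nginx/conf/sslkey2016/cert2.pem;
    # The private key should be readable only by the account that starts nginx.
    ssl_certificate_key /usr/local/nginx/conf/sslkey2016/key2.pem;
    ssl_verify_client off;
    # SSLv2 and SSLv3 are broken protocols and TLSv1 is deprecated, so only
    # TLSv1.2 is offered here (needs nginx built against OpenSSL 1.0.1 or newer).
    # Add TLSv1.3 where the installed nginx/OpenSSL support it.
    ssl_protocols TLSv1.2;
    # The previous string enabled ALL, LOW, export-grade and RC4 suites.
    # Restrict to strong suites; no anonymous, MD5-based or 3DES suites.
    ssl_ciphers HIGH:!aNULL:!MD5:!3DES;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 5m;
    ##########################################################################

    # Requests for these file extensions are answered with an empty 204 and
    # are neither logged nor proxied.
    location ~* ^.+\.(cgi|py|pyc|pl|go|ogg|ogv|svg|svgz|eot|otf|mp4|ttf|rss|atom|jpeg|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ {
        root html;
        access_log off; log_not_found off; expires max;
        return 204;
    }

    # for fluentd-fake
    # Log-endpoint requests ending in a script/image extension get an empty 204
    # instead of being forwarded.
    # NOTE(review): the "." before the extension group is unescaped and matches
    # any character; "\." is probably intended - confirm before changing.
    location ~ /(clog|elog)/.*.(php|php4|php3|asp|do|jsp|exe|sh|html|gif|jpeg|png|jpg)$ {
        root html;
        access_log off; log_not_found off; expires max;
        return 204;
    }

    # Remaining /clog/ and /elog/ requests are forwarded to the fluentd
    # upstream; this location has no allow/deny rules.
    location ~ /(clog|elog)/(.*) {
        # NOTE(review): browsers reject credentialed cross-origin responses when
        # Allow-Origin is "*", so the Allow-Credentials header has no effect as
        # written. If credentials are really needed, echo an explicit allow-listed
        # origin instead; otherwise drop the credentials header. The method list
        # (DELETE, PUT) also looks broader than a log endpoint needs - confirm.
        add_header 'Access-Control-Allow-Origin' '*';
        add_header 'Access-Control-Allow-Credentials' 'true';
        add_header 'Access-Control-Allow-Methods' 'GET,POST,HEAD,DELETE,PUT,OPTIONS';
        # proxy_pass http://nx_fluent_9990/$2; # ok
        # With a variable in proxy_pass the URI is sent exactly as written, so the
        # original query string is not appended unless $is_args$args is added.
        proxy_pass http://es_fluent_9999/$2; # ok
        proxy_http_version 1.1;
        proxy_redirect off;
        # Overwrites any client-supplied X-Forwarded-For with the peer address.
        proxy_set_header X-Forwarded-For $remote_addr;
        access_log logs/access-efluent-actionwww.log;
        error_log logs/error-efluent-actionwww.log;
    }

    # for elasticsearch
    # location ~ ^/(es|search)/(.*)
    # Access is limited to the listed internal addresses; everyone else gets 403.
    # The single 10.7.97.x hosts are already covered by 10.7.97.0/24.
    location ~ ^/(es)/(.*) {
        proxy_redirect off;
        proxy_set_header X-Real-IP $remote_addr;
        # $proxy_add_x_forwarded_for appends to whatever the client sent, so the
        # backend must not treat the leading entries as trustworthy.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_set_header X-NginX-Proxy true;
        proxy_set_header Connection "";
        proxy_http_version 1.1;
        proxy_pass http://es_search_9200/$2;
        allow 192.168.27.0/24;
        allow 10.7.98.120;
        allow 10.7.97.0/24;
        allow 10.7.97.10;
        allow 10.7.97.11;
        allow 10.7.97.4;
        deny all;
    }

    # kibana4
    # Same address allow-list as the Elasticsearch location above.
    location ~ ^/(trend4)/(.*) {
        proxy_redirect off;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_set_header X-NginX-Proxy true;
        proxy_set_header Connection "";
        proxy_http_version 1.1;
        proxy_pass http://es_kibana4_5601/$2;
        allow 192.168.27.0/24;
        allow 10.7.98.120;
        allow 10.7.97.0/24;
        allow 10.7.97.10;
        allow 10.7.97.11;
        allow 10.7.97.4;
        deny all;
    }

    # NOTE(review): unlike /es and /trend4 this location has no allow/deny
    # rules, so the rrd backend is reachable by any client that can reach this
    # vhost - confirm that is intended or add the same allow-list.
    location ~ /rrd/(.*) {
        proxy_redirect off;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Host $http_host;
        proxy_set_header X-NginX-Proxy true;
        proxy_set_header Connection "";
        proxy_http_version 1.1;
        # Strip the /rrd prefix; proxy_pass without a URI then forwards the
        # rewritten path.
        rewrite ^/rrd/?(.*)$ /$1 break;
        proxy_pass http://sys_rrd_8081;
        # proxy_pass http://sys_rrd_8081/$1;
    }

    #error_page 404 /404.html;
    # redirect server error pages to the static page /50x.html
    #
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root html;
    }

    # Static content, served without address restrictions.
    location / {
        root /data/logminor/eslog_www;
        index index.html index.htm;
    }

    # deny access to .htaccess files, if Apache's document root
    # concurs with nginx's one
    #
    #location ~ /\.ht {
    # deny all;
    #}
}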