1、http强制跳转https

server {
    listen 80;
    server_name api.lwxyz.cn;
    return 301 https://$server_name;
    ## rewrite ^/(.*) https://api.lwxyz.cn/$1 permanent; #关键代码仔细比较两者的跳转的区别
}

server {
    listen 443 ssl;
    server_name api.lwxyz.cn; # 项目域名

    ssl_certificate /usr/local/nginx/ssl/api.lwxyz.cn/api.lwxyz.cn.pem; #(证书公钥)
    ssl_certificate_key /usr/local/nginx/ssl/api.lwxyz.cn/api.lwxyz.cn.key; #(证书私钥)

    ssl_session_timeout 5m;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers  HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;

    location / {
        proxy_pass      http://127.0.0.1:9999; # tomcat服务器地址
    }
}

2、http和https兼容

server {
    listen 80;
    listen 443 ssl;
    server_name blog.lwxyz.cn; # 项目域名

    ssl_certificate /usr/local/nginx/ssl/blog.lwxyz.cn/blog.lwxyz.cn.pem; #(证书公钥)
    ssl_certificate_key /usr/local/nginx/ssl/blog.lwxyz.cn/blog.lwxyz.cn.key; #(证书私钥)

    ssl_session_timeout 5m;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers  HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;

    location / {
        proxy_pass      http://127.0.0.1:5546; # tomcat服务器地址
    }
}