未开启SSL证书

upstreamtornadoes{

server127.0.0.1:8000;

server127.0.0.1:8001;

server127.0.0.1:8002;

}

proxy_next_upstreamerror;

server{

listen80;#一般是80

#sslon;

server_name wosign.com www.wosign.com;

#ssl_certificate/etc/nginx/ssl/wosign.com.crt;

#私钥文件名称

#ssl_certificate_key/etc/nginx/ssl/wosign.com.key;

location/{

proxy_pass_headerServer;

proxy_set_headerHost$http_host;

proxy_redirectoff;

proxy_set_headerX-Real-IP$remote_addr;

proxy_set_headerX-Scheme$scheme;

#把请求方向代理传给tornado服务器，负载均衡

proxy_passhttp://tornadoes;

}

}

开启SSL证书

upstreamtornadoes{

server127.0.0.1:8000;

server127.0.0.1:8001;

server127.0.0.1:8002;

}

proxy_next_upstreamerror;

server{

#监听443端口

listen443;

#对应的域名，把wosign.com改成你们自己的域名就可以了

server_name wosign.com;

sslon;

#从wosign获取到的第一个文件的全路径

ssl_certificate/etc/nginx/ssl/1_www.wosign.com_bundle.crt;

#从wosign获取到的第二个文件的全路径

ssl_certificate_key/etc/nginx/ssl/2_www.wosign.com.key;

ssl_session_timeout5m;

ssl_protocolsTLSv1TLSv1.1TLSv1.2;

ssl_ciphersECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;

ssl_prefer_server_cipherson;

#这是我的主页访问地址，因为使用的是静态的html网页，所以直接使用location就可以完成了。

location/{

proxy_pass_headerServer;

proxy_set_headerHost$http_host;

proxy_redirectoff;

proxy_set_headerX-Real-IP$remote_addr;

proxy_set_headerX-Scheme$scheme;

#把请求方向代理传给tornado服务器，负载均衡

proxy_passhttp://tornadoes;

}

}

server{

listen80;

server_name wosign.com;

rewrite^/(.*)$https://wosign.com:443/$1permanent;

}