配置文件如下:
worker_processes auto;
pid /run/nginx.pid;
events {
worker_connections 768;
multi_accept on;
use epoll;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
sendfile on;
autoindex on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 120;
types_hash_max_size 2048;
gzip on;
gzip_disable "msie6";
server_tokens off;
proxy_cache_path /var/www/cache/ levels=1:2 keys_zone=one:100m inactive=1d max_size=1g;
proxy_cache_key $host$request_uri;
# include /etc/nginx/conf.d/*.conf;
# include /etc/nginx/sites-enabled/*;
# 导入 sever 配置
# **************************************************
upstream google{
server 172.217.6.99 max_fails=3 fail_timeout=10s;
server 172.217.0.3 max_fails=3 fail_timeout=10s;
server 172.217.1.35 max_fails=3 fail_timeout=10s;
}
# **************************************************
server {
listen 80;
listen 443 ssl;
server_name
example.com www.example.com;
ssl_certificate /etc/nginx/
example.com/fullchain1.pem; ssl_certificate_key /etc/nginx/
example.com/privkey1.pem; ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
if ($http_user_agent ~* "qihoobot|Baiduspider|Googlebot|Googlebot-Mobile|Googlebot-Image|Mediapartners-Google|Adsbot-Google|Feedfetcher-Google|Yahoo! Slurp|Yahoo! Slurp China|YoudaoBot|Sosospider|Sogou spider|Sogou web spider|MSNBot|ia_archiver|Tomato Bot")
{
return 403;
}
if ( $host != "
example.com" ) {
return 403;
}
if ($scheme = http) {
rewrite ^/(.*) https://$server_name/$1 permanent;
}
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
location / {
access_log /etc/nginx/log.log;
error_log /etc/nginx/error.log error;
proxy_cache one;
proxy_cache_valid 200 302 2h;
proxy_cache_valid 404 1h;
proxy_buffering off;
proxy_pass https://google;
proxy_redirect
https://www.google.com/ /;
proxy_redirect off;
proxy_set_header Host $proxy_host;
proxy_cookie_domain
google.com example.com;
proxy_set_header Accept-Encoding "";
proxy_set_header referer "https://$proxy_host$request_uri";
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header User-Agent $http_user_agent;
proxy_set_header Accept-Language "zh-CN";
proxy_set_header Cookie "PREF=ID=047818f19f6de346:U=0f622f33dd8549d11:FF=25:LD=zh-CN:NW=1:TM=1325238577:LM=1332342444:GM=5:SG=1:S=rE01SyJh2w1IQ-Maw";
sub_filter_types text/css text/xml text/javascript application/json application/javascript;
sub_filter
www.google.com.hk example.com;
sub_filter_once off;
} # 结束 location
location /textinputassistant {
proxy_pass
https://www.google.com/textinputassistant/; proxy_set_header Accept-Encoding "";
} # 结束 location
location /_ {
proxy_pass
https://apis.google.com/_/; proxy_set_header Accept-Encoding "";
} # 结束 location
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
} # 结束 location
} # 结束 server
} # 结束 http
测试以后发现不能访问 google ,出现 如下的错误日志:
13143#13143: *10 SSL_do_handshake() failed (SSL: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol) while SSL handshaking to upstream
本人英语不好, google 发现好多英文说明,可是看不懂啊,有大神帮忙解答一下不?
V2EX 是创意工作者们的社区,是一个分享自己正在做的有趣事物、交流想法,可以遇见新朋友甚至新机会的地方。
V2EX is a community of developers, designers and creative people.