由于小程序必须使用https

然后我们市面上很多程序还是使用http_version 1.1协议的

今天我遇到一个问题，就是，https 反向代理 http 静态资源访问无法加载问题

我们只需要在我们要代理的地方加入即可。

add_header Content-Security-Policy upgrade-insecure-requests;

这里估计是告诉浏览器我这里使用了代理，你给我通过权限吧。

upstream cache {
    server xxx.xxx.xx.xx:6081 weight=3;
    server xxx.xxx.xx.xx:6081 weight=1;
}

upstream phpupstream {
    server xxx.xxx.xx.xx:8666 weight=1;
    server xxx.xxx.xx.xx weight=3;
}

client_max_body_size 64m;

server{
    listen 80;

    index index.html index.htm index.php;
    server_name xxxx.xxxx.com;

    error_log /var/log/nginx/error.log info;

    location ~ .*\.(gif|jpg|jpeg|png|css|js|flv|ico|swf|html)$ {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://cache;
    }
    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
    #
    location / {
        proxy_pass http://phpupstream;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass_header Server;

        proxy_buffer_size   3072k;
        proxy_buffers 768 3072k;
    }

    location ~*/upload/ {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://172.18.222.23;
    }

}

server {
    listen 443 ssl;

    index index.html index.htm index.php;
    server_name xxx.xxxx.com;

    error_log /var/log/nginx/error.log info;

    ssl_certificate /etc/nginx/conf.d/3170509_xxx.xxxx.com.pem;
    ssl_certificate_key /etc/nginx/conf.d/3170509_xxx.xxxx.com.key;
    ssl_session_timeout  5m;
    ssl_protocols  SSLv2 SSLv3 TLSv1;
    ssl_ciphers  ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
    ssl_prefer_server_ciphers   on;

    location ~ .*\.(gif|jpg|jpeg|png|css|js|flv|ico|swf|html)$ {
        rewrite ^/(.*)$ http://zanya.zuocd.com/$1 permanent;
    }

    location / {
        add_header Content-Security-Policy upgrade-insecure-requests; #这里这个就是处理https反向代理http时候静态资源的关键

        proxy_pass http://phpupstream;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass_header Server;
        proxy_buffer_size   3072k;
        proxy_buffers 768 3072k;
    }
}

当然如果你是要用在小程序开发的话。

  ssl_protocols  SSLv2 SSLv3 TLSv1;
  ssl_ciphers  ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;

修改为

 ssl_protocols TLSv1 TLSv1.1 TLSv1.2; #按照这个协议配置
 ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;#按照这个套件配置