<VirtualHost 127.0.0.1:88>
    ServerAdmin ADMIN_EMAIL
    DocumentRoot "/home/www/wwwroot/default"
    ServerName HOSTNAME
    ErrorLog "/home/www/wwwlogs/error.log"
    CustomLog "/home/www/wwwlogs/access.log" combined
 
    <Directory "/home/www/wwwroot/default">
        Options FollowSymLinks
        AllowOverride All
        Require all granted
        DirectoryIndex index.html index.php
    </Directory>
</VirtualHost>

<VirtualHost 127.0.0.1:88> ServerAdmin ADMIN_EMAIL DocumentRoot "/home/www/wwwroot/default" ServerName HOSTNAME ErrorLog "/home/www/wwwlogs/error.log" CustomLog "/home/www/wwwlogs/access.log" combined <Directory "/home/www/wwwroot/default"> Options FollowSymLinks AllowOverride All Require all granted DirectoryIndex index.html index.php </Directory> </VirtualHost>

server
{
	listen 80;
	listen 443 ssl spdy;
	server_name HOSTNAME;
        index index.html index.htm index.php;
        root  /usr/home/www/wwwroot/default;
 
        ssl_certificate SSL.crt;
	ssl_certificate_key SSL.key;
	ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
	ssl_session_cache      shared:SSL:10m;
	ssl_session_timeout  10m; 
	ssl_ciphers ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!AESGCM;
	ssl_prefer_server_ciphers   on;
	add_header Alternate-Protocol  443:npn-spdy/3;
	add_header Strict-Transport-Security "max-age=31536000;";
	spdy_headers_comp 0;
	ssl_buffer_size 4k;
 
	location / {
		try_files $uri @apache;
	}
 
	location @apache {
		internal;
		proxy_pass http://127.0.0.1:88;
		include proxy.conf;
	}
 
	location ~ [^/]\.php(/|$){
		proxy_pass http://127.0.0.1:88;
		include proxy.conf;
	}
 
        location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)${ 
                #这节字段可能导致某些程序出现图片404错误。
                expires      30d;  
        }
 
        location ~ .*\.(js|css)?${
                expires      12h;
        }
 
        access_log  off;
}

server { listen 80; listen 443 ssl spdy; server_name HOSTNAME; index index.html index.htm index.php; root /usr/home/www/wwwroot/default; ssl_certificate SSL.crt; ssl_certificate_key SSL.key; ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2; ssl_session_cache shared:SSL:10m; ssl_session_timeout 10m; ssl_ciphers ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!AESGCM; ssl_prefer_server_ciphers on; add_header Alternate-Protocol 443:npn-spdy/3; add_header Strict-Transport-Security "max-age=31536000;"; spdy_headers_comp 0; ssl_buffer_size 4k; location / { try_files $uri @apache; } location @apache { internal; proxy_pass http://127.0.0.1:88; include proxy.conf; } location ~ [^/]\.php(/|$){ proxy_pass http://127.0.0.1:88; include proxy.conf; } location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)${ #这节字段可能导致某些程序出现图片404错误。 expires 30d; } location ~ .*\.(js|css)?${ expires 12h; } access_log off; }

proxy_connect_timeout 30s;
proxy_send_timeout   90;
proxy_read_timeout   90;
proxy_buffer_size    32k;
proxy_buffers     4 32k;
proxy_busy_buffers_size 64k;
proxy_redirect     off;
proxy_hide_header  Vary;
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;
proxy_set_header   Accept-Encoding '';
proxy_set_header   Host   $host;
proxy_set_header   Referer $http_referer;
proxy_set_header   Cookie $http_cookie;
proxy_set_header   X-Real-IP  $remote_addr;
proxy_set_header   X-Forwarded-By    $server_addr:$server_port;
proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header   X-Forwarded-Proto $scheme; #这个很重要，缺失或导致https重定向Loop.

proxy_connect_timeout 30s; proxy_send_timeout 90; proxy_read_timeout 90; proxy_buffer_size 32k; proxy_buffers 4 32k; proxy_busy_buffers_size 64k; proxy_redirect off; proxy_hide_header Vary; proxy_next_upstream error timeout invalid_header http_500 http_502 http_503; proxy_set_header Accept-Encoding ''; proxy_set_header Host $host; proxy_set_header Referer $http_referer; proxy_set_header Cookie $http_cookie; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-By $server_addr:$server_port; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; #这个很重要，缺失或导致https重定向Loop.