server { listen 80; server_name abc.com; add_header Content-Security-Policy upgrade-insecure-requests; rewrite ^ (. *) $ https://$host $1 permanent; access_log /home/data/logs/nginx/ abc.com.log main; }server { listen 443 ssl; server_name abc.com; add_header content-security-policy upgrade-insecure-requests; access_log /home/data/logs/nginx/abc.com.log main; ssl on; ssl_certificate /opt/CA/abc.pem; ssl_certificate_key /opt/CA/abc.key; ssl_session_timeout 5m; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers high:! rc4:! md5:!anull:!enull:! Null:! Dh:! edh:! exp:+medium; ssl_prefer_server_ciphers on; ## #手机和电脑端的匹配 set $mobile _rewrite do_not_perform; if ($http _user_agent ~* "(android|bb\d+|meego). +mobile|avantgo|bada\/|blackberry|blazer| Compal|elaine|fennec|hiptop|iemobile|ip (Hone|od) |IRIS|KINDLE|LGE |MAEMO|MIDP|MMP|MOBILE.+FIREFOX|NETFRont|opera m (ob|in) I|palm ( os)? | Phone|p (Ixi|re) \/|plucker|pocket|psp|series (4|6) 0|symbian|treo|up\. (Browser|link) |vodafone|wap|windows ce|xda|xiino ") {set $mobile _rewrite perform;} if ($http _user_agent ~* "^ (1207|6310|6590 |3gso|4thp|50[1-6]i|770s|802s|a wa|abac|ac (er|oo|s\-) |ai (KO|RN) |al (Av|ca|co) |amoi|an (ex|ny|yw) |aptu|ar (ch |go) |as (te|us) |attw|au (di|\-m|r |s ) |avan|be (CK|LL|NQ) |bi (lb|rd) |bl (Ac|az) |br (e|v) w|bumb|bw\-(n|u) | C55\/|capi|ccwa|cdm\-|cell|chtm|cldc|cmd\-|co (mp|nd) |craw|da (it|ll|ng) |dbte|dc\-s|devi|dica|dmob|do (c|p) O|ds ( 12|\-d) |el (49|ai) |em (L2|ul) |er (ic|k0) |esl8|ez ([4-7]0|os|wa|ze) |fetc|fly (\-|_) |g1 u|g560|gene|gf\-5|g\-mo| Go (\.w|od) |gr (Ad|un) |haie|hcit|hd\-(m|p|t) |hei\-|hi (Pt|ta) |hp ( I|IP) |hs\-c|ht (c (\-| |_|a|g|p|s|t) |TP ) |hu (AW|TC) |i\-(20|go|ma) |i230|iac ( |\-|\/) |ibro|idea|ig01|ikom|im1k|inno|ipaq|iris|ja (t|v) a|jbro|jemu| JIGS|KDDI|KEJI|KGT ( |\/) |klon|kpt |kwc\-|kyo (c|k) |le (no|xi) |lg ( g|\/(k|l|u) |50|54|\-[a-w]) |libw|lynx|m1\-w|m3ga|m50\/| MA (te|ui|xo) |MC (01|21|CA) |m\-cr|me (Rc|ri) |mi (o8|oa|ts) |mmef|mo (01|02|bi|de|do|t (\-| |o|v) |zz) |mt (50|p1|v ) |mwbp|mywa|n10[0-2]|n20[2-3]|n30 (0|2) |n50 (0|2|5) |n7 (0 (0|1) |10) |ne ((c|m) \-|on|tf|wf|wg|wt) |nok (6|i) |nzph |o2im|op (TI|WV) |oran|owg1|p800|pan (a|d|t) |PDXG|PG (13|\-([1-8]|c)) |PHIL|PIRE|PL (AY|UC) |pn\-2|po (ck|rt|se) |prox| PSIO|PT\-G|QA\-A|QC (07|12|21|32|60|\-[2-7]|i\-) |qtek|r380|r600|raks|rim9|ro (Ve|zo) |s55\/|sa (GE|MA|MM|MS|NY|VA) |SC (01|h\-|oo|p\-) |sdk\/|se (c (\-|0|1) |47|mc|nd|ri) |sgh\-|shar|sie (\-|m) |SK\-0|SL (45|id) |sm (AL|AR|B3|IT|T5) |so ( Ft|ny) |sp (01|h\-|v\-|v ) |sy (01|MB) |t2 (18|50) |t6 (00|10|18) |ta (gt|lk) |tcl\-|tdg\-|tel (i|m) |tim\-|t\-mo|to ( PL|SH) |ts (70|M\-|M3|M5) |tx\-9|up (\.b|g1|si) |utst|v400|v750|veri|vi (rg|te) |vk (40|5[0-3]|\-v) |VM40|VODA|VULC|VX ( 52|53|60|61|70|80|81|83|85|98) |w3c (\-| ) |webc|whit|wi (G |NC|NW) |wmlb|wonu|x700|yas\-|your|zeto|zte\- ) ") {set $mobile _rewrite perform;} if ($http _cookie ~ ' gotopc=true ') { set $mobile _rewrite do_not_perform;} ### Mobile phone and computer-side matching location ~^/ { proxy_set_header Host $http _host; proxy_set_header X-Forwarded-Scheme $scheme; proxy_set_header x-forwarded-for $remote _addr; ## #电脑端proxy_ pass http://web; if ($mobile _rewrite = Perform) { ## #手机端 proxy_pass http://mobile; } } error_page 500 502 503 504 /50x.html; location = /50x.html { root html; } }
Nginx to do PC-side and mobile-side separation