Nginx 反向代理https
时间:2016-11-17 09:47来源:linux.it.net.cn 作者:敖士伟
|
说明:
1.nginx 1.2.0 centos 6.2
2.这里所指的反向代理https是指nginx为ssl服务器,nginx与后端服务器的通信还是http,当然可能也可以实现nginx与后端服务器实现https通信,不过本文没有测试
步骤:
nginx要实现ssl,在编译时要添加--with-http_ssl_module,如:
./configure --with-http_ssl_module
#cd /usr/local/nginx/conf
#mkdir ssl
#cd ssl
生成一个私有key
# openssl genrsa -des3 -out aoshiwei.com.key 1024
提示输入密码
生成CSR(Certificate Signing Request)文件:
# openssl req -new -key aoshiwei.com.key -out aoshiwei.com.csr
填写证书内容,组织机构、域名等,Common Name填写域名
# cp aoshiwei.com.key aoshiwei.com.key.bak
# openssl rsa -in aoshiwei.com.key.bak -out aoshiwei.com.key
# openssl x509 -req -days 365 -in aoshiwei.com.csr -signkey aoshiwei.com.key -out aoshiwei.com.crt
在nginx.conf中添加:
-
server {
-
### server port and name ###
-
listen 443 ssl;
-
server_name member.aoshiwei.com;
-
ssl on;
-
-
### SSL log files ###
-
access_log logs/ssl-access.log;
-
error_log logs/ssl-error.log;
-
-
### SSL cert files ###
-
ssl_certificate ssl/aoshiwei.com.crt;
-
ssl_certificate_key ssl/aoshiwei.com.key;
-
### Add SSL specific settings here ###
-
keepalive_timeout 60;
-
-
### Limiting Ciphers ########################
-
# Uncomment as per your setup
-
#ssl_ciphers HIGH:!ADH;
-
#ssl_perfer_server_ciphers on;
-
#ssl_protocols SSLv3;
-
##############################################
-
### We want full access to SSL via backend ###
-
location / {
-
proxy_pass http://member.aoshiwei.com;
-
### force timeouts if one of backend is died ##
-
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;
-
-
### Set headers ####
-
proxy_set_header Host $host;
-
proxy_set_header X-Real-IP $remote_addr;
-
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-
-
### Most PHP, Python, Rails, Java App can use this header ###
-
proxy_set_header X-Forwarded-Proto https;
-
-
### By default we don't want to redirect it ####
-
proxy_redirect off;
-
}
-
}
(责任编辑:IT) |
------分隔线----------------------------
