Nginx 反向代理https
一、代理nginx开启80,443端口
############################################################################
# cat /etc/nginx/conf.d/nginx_http.conf
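# Redirect plain-HTTP requests for www.meteor-yu.com to HTTPS.
server {
    listen 80;
    server_name www.meteor-yu.com;
    # "return 301" with $request_uri forwards the path and query string exactly
    # as the client sent them, with no regex pass; it is also the form the
    # meteor-yu.com redirect in this file already uses.
    return 301 https://$server_name$request_uri;
}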
# Catch-all for port 80: any request whose Host header matches no configured
# server_name (for example, access by bare IP address) is refused with 403.
server {
    server_name _;
    listen 80 default_server;
    return 403;
}
# HTTP requests for the bare domain meteor-yu.com are sent, with a permanent
# redirect, to the HTTPS site on www.meteor-yu.com; $request_uri keeps the
# original path and query string.
server {
    server_name meteor-yu.com;
    listen 80;
    return 301 https://www.meteor-yu.com$request_uri;
}
############################################################################
二、创建自签名证书
# cat /etc/nginx/conf.d/nginx_https.conf
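# TLS-terminating reverse proxy for www.meteor-yu.com, using the self-signed
# certificate created for this setup.
# NOTE(review): a self-signed certificate is not trusted by clients unless it is
# installed in their trust store; a publicly reachable hostname normally needs a
# CA-issued certificate.
server {
    # The "ssl" parameter of listen replaces the separate "ssl on;" directive,
    # which was deprecated in nginx 1.15.0 and removed in 1.25.1.
    listen 443 ssl;
    server_name www.meteor-yu.com;

    # Relative paths (presumably resolved against the nginx configuration
    # directory - confirm). The other 443 server blocks in this file load
    # /etc/nginx_ssl/server.crt and /etc/nginx_ssl/server.key instead.
    # NOTE(review): confirm which copy is intended, and keep the private key
    # readable only by root / the nginx master process.
    ssl_certificate conf.d/server.crt;
    ssl_certificate_key conf.d/server.key;
    # NOTE(review): ssl_protocols and ssl_ciphers are not set, so nginx's
    # built-in defaults apply; pin them to TLSv1.2 or newer as far as the
    # deployed nginx/OpenSSL build supports.

    access_log /var/log/nginx/staff_assessing_system_access.log main;
    error_log /var/log/nginx/staff_assessing_system_error.log;

    location / {
        # Conditions under which nginx retries the request on another upstream
        # server; with the single address in proxy_pass there is no other
        # server to fall back to.
        proxy_next_upstream http_502 http_504 error timeout invalid_header;
        # Keep the upstream request running even if the client disconnects.
        proxy_ignore_client_abort on;
        proxy_connect_timeout 60s;
        # 5400s = 90 minutes for reads from and writes to the backend.
        proxy_read_timeout 5400s;
        proxy_send_timeout 5400s;

        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        # $proxy_add_x_forwarded_for appends to whatever X-Forwarded-For the
        # client sent, so the backend should treat only the last entry (or
        # X-Real-IP) as trustworthy.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # TLS ends here and the backend is reached over plain HTTP; pass the
        # original scheme so the backend can build https:// links and redirects.
        proxy_set_header X-Forwarded-Proto $scheme;

        # Forward to the backend web service on port 84. This hop is
        # unencrypted HTTP, so it relies on the network between nginx and
        # 10.10.10.10 being trusted.
        proxy_pass http://10.10.10.10:84;
    }
}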
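# Catch-all for port 443: TLS requests that match no configured server_name
# (for example, access by bare IP address) are refused with 403.
server {
    # The "ssl" parameter of listen replaces the separate "ssl on;" directive,
    # which was deprecated in nginx 1.15.0 and removed in 1.25.1.
    listen 443 ssl default_server;
    server_name _;
    # The TLS handshake completes before the 403 is sent, so this certificate
    # is presented to every client that connects by IP address.
    # NOTE(review): if server.crt names the real domain, that discloses the
    # hostname to anyone scanning the address; consider a placeholder
    # certificate for this block, or ssl_reject_handshake on nginx versions
    # that provide it.
    ssl_certificate /etc/nginx_ssl/server.crt;
    ssl_certificate_key /etc/nginx_ssl/server.key;
    return 403;
}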
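# HTTPS requests for the bare domain meteor-yu.com are permanently redirected
# to www.meteor-yu.com, keeping the original path and query string.
server {
    # The "ssl" parameter of listen replaces the separate "ssl on;" directive,
    # which was deprecated in nginx 1.15.0 and removed in 1.25.1.
    listen 443 ssl;
    server_name meteor-yu.com;
    # NOTE(review): the redirect is only sent after the TLS handshake, so this
    # certificate has to be valid for meteor-yu.com as well as the www name -
    # confirm the names in server.crt.
    ssl_certificate /etc/nginx_ssl/server.crt;
    ssl_certificate_key /etc/nginx_ssl/server.key;
    return 301 https://www.meteor-yu.com$request_uri;
}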
############################################################################
本文出自 “流星宇” 博客,请务必保留此出处http://8789878.blog.51cto.com/8779878/1853752
原文地址:http://8789878.blog.51cto.com/8779878/1853752