码迷,mamicode.com
首页 > Web开发 > 详细

Nginx 反向代理https

时间:2016-09-18 21:21:51      阅读:137      评论:0      收藏:0      [点我收藏+]

标签:nginx 反向代理https

Nginx 反向代理https


一、代理nginx开启80,443端口

############################################################################

# cat /etc/nginx/conf.d/nginx_http.conf

        # 设置通过http域名访问的时候直接跳转https

server {

    listen 80;

    server_name www.meteor-yu.com;

    rewrite ^/(.*) https://$server_name/$1 permanent;

}

        # 设置不允许IP访问

server {

   listen 80 default_server;

    server_name _;

    return 403;

}

        # 设置通过http访问顶级域名meteor-yu.com自动跳转https访问www.meteor-yu.com这个域名

server {

   listen 80;

    server_name meteor-yu.com;

    return 301 https://www.meteor-yu.com$request_uri;

}


############################################################################

二、创建自签名证书

# cat /etc/nginx/conf.d/nginx_https.conf

        # 创建自签名证书,并添加到配置中

server {

    listen 443;

    server_name www.meteor-yu.com;

    

    ssl on;

    ssl_certificate conf.d/server.crt;

    ssl_certificate_key conf.d/server.key;


    access_log /var/log/nginx/staff_assessing_system_access.log main;

    error_log /var/log/nginx/staff_assessing_system_error.log;

    location / {

        proxy_next_upstream http_502 http_504 error timeout invalid_header;

        proxy_ignore_client_abort on;

        proxy_connect_timeout 60s;

        proxy_read_timeout 5400s;

        proxy_send_timeout 5400s;

        proxy_set_header Host $host;

        proxy_set_header X-Real-IP $remote_addr;

        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;

        proxy_pass http://10.10.10.10:84;   # 转发到后台的web端口,这里是后台web是84端口,后台访问仍然是http

    } 

}

        # 不允许https直接IP访问

server {

    listen 443 default_server;

    server_name _;

    ssl on;

    ssl_certificate /etc/nginx_ssl/server.crt;

    ssl_certificate_key /etc/nginx_ssl/server.key;

    return 403;

}

        # 设置通过https访问顶级域名meteor-yu.com自动跳转到www.meteor-yu.com这个域名

server {

    listen 443;

    ssl on;

    ssl_certificate /etc/nginx_ssl/server.crt;

    ssl_certificate_key /etc/nginx_ssl/server.key;

    server_name meteor-yu.com;

    return 301 https://www.meteor-yu.com$request_uri;

}


############################################################################


本文出自 “流星宇” 博客,请务必保留此出处http://8789878.blog.51cto.com/8779878/1853752

Nginx 反向代理https

标签:nginx 反向代理https

原文地址:http://8789878.blog.51cto.com/8779878/1853752

(0)
(0)
   
举报
评论 一句话评论(0
登录后才能评论!
© 2014 mamicode.com 版权所有  联系我们:gaon5@hotmail.com
迷上了代码!