服务器 Gind.cn
  1. 服务器 Gind.cn
  3. 使用NGINX代理HTTPS请求HTTP后端
Intereting Posts
如何将gzip用于由Content Delivery Network提供的静态网站内容? 它是否改善了页面加载时间? 无法获取/parsing/function/ 我意外删除IIS后,如何在Exchange 2003 Server上重新启用Outlook Web Access? 时间很快就在客系统上跳跃 Postfix不会将邮件发送到在virtual_alias_domains中列出的外部电子邮件地址 安装lftp时出错 站点到站点连接 coLinux比原生Windows慢多less? LSI SAS3081E-R与LSI SAS3081E-S SAS / ATA HBA之间的区别 简单的速率限制 双因素authentication Radiusauthentication 在执行SaltStack期间closuresCron 如何告诉SMF一个服务真的在线? .pac文件和Firefox的network.proxy.socks_remote_dns设置

使用NGINX代理HTTPS请求HTTP后端

我有nginx被configuration为我的外部可见的networking服务器,通过HTTP与后端通话。

我想要实现的场景是:

  1. 客户端向nginx发送HTTP请求,nginx将通过HTTPSredirect到相同的URL
  2. nginx代理请求通过HTTP到后端
  3. nginx通过HTTP接收来自后端的响应。
  4. nginx通过HTTPS将其传递回客户端

我当前的configuration(后端configuration正确)是: 

服务器{
        听80;
         server_name localhost;

        位置〜。* {
             proxy_pass http://后端;
             proxy_redirect http://后端https:// $ host;
             proxy_set_header主机$主机;
             }
         }

我的问题是对客户端(步骤4)的响应是通过HTTP而不是HTTPS发送的。 有任何想法吗?

您尝试设置的代理types称为反向代理。 快速search反向代理nginx让我这个网页:

http://intranation.com/entries/2008/09/using-nginx-reverse-proxy/

除了添加一些有用的function,如X-Forwarded-For头(这将使您的应用程序可见到实际的源IP),它具体做的是: 

proxy_redirect off

祝你好运! 🙂

我在生产中使用以下configuration 

 server { listen xxx.xxx.xxx.xxx:80; server_name www.example.net; rewrite ^(.*) https://$server_name$1 permanent; } server { listen xxx.xxx.xxx.xxx:443; server_name www.example.net; root /vhosts/www.example.net; ssl on; ssl_certificate /etc/pki/nginx/www.example.net.crt; ssl_certificate_key /etc/pki/nginx/www.example.net.key; ssl_prefer_server_ciphers on; ssl_session_timeout 1d; ssl_session_cache shared:SSL:50m; ssl_session_tickets off; # Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits ssl_dhparam /etc/pki/nginx/dh2048.pem; # intermediate configuration. tweak to your needs. ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA'; location / { proxy_pass http://127.0.0.1:8080; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto https; } } 
 server { listen 80; server_name www.example.net example.net; rewrite ^/(.*)$ https://$host$request_uri? permanent; } server { listen 443; server_name www.example.net example.net; .....................