我想在macOS上使用nginx作为服务器apache的反向代理。 我pipe理默认的macOS服务器的apache运行在端口4780为HTTP和47443为HTTPS。 Config位于这里: /Library/Server/Web/Config/Proxy/apache_serviceproxy.conf
现在nginx的一部分:我想nginx代理服务器的子域server.example.com上的Apache。
对于HTTP它的作品像魅力,但HTTPS是问题,证书是在Apache中,而不是在Nginx的…
HTTPconfiguration:
server { listen 80; listen [::]:80; server_name server.example.com; #charset koi8-r; access_log /logs/server.access.log main; error_log /logs/server.error.log error; location / { proxy_pass http://localhost:4780; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } }
HTTPSconfiguration:
server { listen 443; listen [::]:443; server_name server.example.com; #charset koi8-r; access_log /logs/server.access.log main; error_log /logs/server.error.log error; location / { proxy_pass https://localhost:47443; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } }
对于HTTP,它可以工作,但是对于HTTPS而言: Safari can't establish a secure connection to the server
如何做呢?
在您的HTTPSconfiguration中,在server_name下面添加以下两行:
ssl_certificate /path/to/your/certificate_file; ssl_certificate_key /path/to/your/private_key_file;
并在listen指令中添加ssl选项。
你的configuration将如下所示:
server { listen 443 ssl; listen [::]:443 ssl; server_name server.example.com; ssl_certificate /path/to/your/certificate_file; ssl_certificate_key /path/to/your/private_key_file; #charset koi8-r; access_log /logs/server.access.log main; error_log /logs/server.error.log error; location / { proxy_pass https://localhost:47443; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } }