我们在nginx后面有几个面向外部的web应用程序,像这样:
https://app1.mycompany.com – > server1:8080 / app1
https://app2.mycompany.com – > server2:8080 / app2
https://app2.mycompany.com – > server2:8080 / app3
我要求将nginxconfiguration更新为代理使用子文件夹,而我们的系统pipe理员告诉我们,这是不可能在https下,因为请求url本身是encryption的。 我们的系统pipe理员非常有知识和安全意识,他说的是有道理的。 但是,我曾经在联合系统(作为应用程序开发人员),其中https请求子文件夹被代理到单独的应用程序。 有人可以帮我理解什么types的设置是必要的,以达到以下目的:
https://www.mycompany.com/app1 – > server1:8080 / app1
https://www.mycompany.com/app2 – > server2:8080 / app2
https://www.mycompany.com/app3 – > server2:8080 / app3
它应该是像下面的东西。 只需使用location指令为HTTPS反向代理地址指定文件夹,并使用proxy_pass指令地址为内部位置指定文件夹。
server { listen <ip_address>:443; ssl on; server_name <domain_name>; ### SSL cert files ### ssl_certificate /etc/ssl/certs/local.crt; ssl_certificate_key /etc/ssl/private/local.key; ### Add SSL specific settings here ### ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers RC4:HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on; keepalive_timeout 60; ssl_session_cache shared:SSL:10m; ssl_session_timeout 10m; location /app1 { proxy_pass http://<internal_ip>:8080/app1; proxy_set_header Accept-Encoding ""; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; add_header Front-End-Https on; proxy_redirect off; } location /app2 { proxy_pass http://<internal_ip>:8080/app2; proxy_set_header Accept-Encoding ""; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; add_header Front-End-Https on; proxy_redirect off; location /app3 { proxy_pass http://<internal_ip>:8080/app3; proxy_set_header Accept-Encoding ""; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; add_header Front-End-Https on; proxy_redirect off; } }