Bypass https by NGINX as proxy server


Problem description

I used nginx as a regular proxy server. However, it only works with http but not https. It returns an error page for the https requests. Is there a way to configure NGINX for it to bypass https?

worker_processes auto;
events {
  worker_connections 1024;
}


http {
  include mime.types;
  default_type application/octet-stream;
  sendfile on;
  keepalive_timeout 65;

  server {
     resolver 114.114.114.114;
     listen 8228;
     server_name localhost;
     location / {
       proxy_pass $scheme://$http_host$request_uri;
       proxy_set_header Host $http_host;
       proxy_buffers 256 4k;
     }

     error_page 500 502 503 504 /50x.html;
     location = /50x.html {
       root html;
     }
  }
}

Recommended answer

You have to add a new server location with https-related settings; this might do the job:

server {
   resolver 114.114.114.114;

   # note the port is changed, you can't serve HTTP and HTTPS on same port
   listen 8229 ssl;

   # here you must place valid certificates (may be self-signed)
   # startssl example:
   #   (cat example.com.pem & wget -O - https://www.startssl.com/certs/class1/sha2/pem/sub.class1.server.sha2.ca.pem) | tee -a /etc/nginx/ssl/domain.pem > /dev/null
   ssl_certificate /etc/nginx/domain.pem;

   # private key decoded, example
   #   openssl rsa -in decoded.key -out domain.key
   ssl_certificate_key /etc/nginx/domain.key;

   server_name localhost;

   location / {
       proxy_pass $scheme://$http_host$request_uri;
       proxy_set_header Host $http_host;
       proxy_buffers 256 4k;
   }
}

There are lots of optional parameters for HTTPS configuration you must use in production for sufficient security. I've already described a really good security configuration in a GitHub gist by link; also, the official documentation on the ssl module is a good starting point.
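
As an added illustration (not part of the original answer and not the contents of the gist it mentions), the answer's server block is shown below with the kind of optional ssl-module parameters it refers to. The protocol, cipher and session values are assumptions chosen for this example; the port, resolver and certificate paths are the answer's.

```nginx
server {
    resolver 114.114.114.114;
    listen 8229 ssl;
    server_name localhost;

    # Certificate chain and private key, paths as in the answer
    ssl_certificate     /etc/nginx/domain.pem;
    ssl_certificate_key /etc/nginx/domain.key;

    # Assumption: clients support TLS 1.2 or newer, so SSLv3, TLS 1.0
    # and TLS 1.1 are not offered. TLSv1.3 needs nginx 1.13.0+ built
    # against OpenSSL 1.1.1+.
    ssl_protocols TLSv1.2 TLSv1.3;

    # Forward-secret AEAD suites only (this list applies to TLS 1.2)
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
    # Every suite above is strong, so the client's order may be used
    ssl_prefer_server_ciphers off;

    # Session reuse through a shared server-side cache; tickets are
    # disabled so no long-lived ticket key has to be rotated
    ssl_session_cache   shared:SSL:10m;
    ssl_session_timeout 1d;
    ssl_session_tickets off;

    location / {
        proxy_pass $scheme://$http_host$request_uri;
        proxy_set_header Host $http_host;
        proxy_buffers 256 4k;
    }
}
```

Running `nginx -t` after editing checks the syntax and that the certificate and key files load.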
