Nginx 负载平衡与上游 SSL [英] Nginx load balance with upstream SSL

问题描述

尝试将 Nginx 设置为 https 服务器的负载均衡器.上游通过端口 443 提供服务，并配置了 SSL 证书.如何配置Nginx，让SSL证书配置只在上游服务器处理，不在Nginx服务器处理?

Trying to setup Nginx as load balancer for https servers. The upstream serves over port 443 with SSL certificates configured. How to configure Nginx, so that the SSL certificate configuration is handled only on the upstream servers and not in the Nginx server?

推荐答案

您需要使用 上游模块和反向代理模块.要反向代理到 https 上游，请使用此

You need to use Upstream module, and Reverse Proxy module. To reverse proxy to the https upstream, use this

proxy_pass  https://backend;

其中后端是上游区块.

但是，如果我这样做，我会在 nginx 服务器上终止 ssl，并使上游应用服务器做他们擅长的事情:提供内容，而不是担心 ssl 加密/解密开销.使用 SSL 模块在 nginx 上设置 ssl 终止也非常简单.此处还提供了一个非常好的案例研究.

However, if I were doing this, I'd terminate ssl on the nginx server, and make upstream app servers doing what they are good at: serving the content, instead of worrying about ssl encryption/decryption overhead. Setting up ssl termination on nginx is also very simple using the SSL module. A very good case study is also given here.

这篇关于Nginx 负载平衡与上游 SSL的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！