nginx http/https代理配置
张立军的架构之路 2018-12-11
1.http2http
upstream myserver {
ip_hash;
server 172.16.15.105:9090 max_fails=5 fail_timeout=30s;
server 172.16.15.94:9090 max_fails=5 fail_timeout=30s;
}
server {# 服务名及配置,一个服务下可以有多个location 用来表示不同的反向代理
listen 9090;
server_name localhost;
charset utf-8,gbk;
location / {
root html;
index index.html index.htm;
proxy_pass $scheme://myserver;
#proxy_redirect off;
proxy_pass_request_headers on;
proxy_set_header HOST $HOST:$server_port;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr:$remote_port;
proxy_set_header Request-Url $request_uri;
proxy_ignore_headers Expires Cache-Control;
#proxy_set_header args4 $arg_uiasp4;
}
2.https2http
#后端真实server
upstream myserver {
ip_hash;
server 172.16.15.94:9090 max_fails=5 fail_timeout=30s;
server 172.16.15.105:9090 max_fails=5 fail_timeout=30s;
}
server {# 服务名及配置,一个服务下可以有多个location 用来表示不同的反向代理
listen 9443 ssl;
server_name localhost;
charset utf-8,gbk;
ssl_certificate uias.crt;
ssl_certificate_key uias.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
#ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
root html;
index index.html index.htm;
proxy_pass http://myserver;
proxy_redirect http://myserver https://$host:$server_port;
proxy_pass_request_headers on;
proxy_set_header HOST $HOST:$server_port;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr:$remote_port;
proxy_set_header Request-Url $request_uri;
proxy_ignore_headers Expires Cache-Control;
proxy_set_header X-Forwarded-Proto https;
#proxy_set_header args4 $arg_uiasp4;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
3.https2https
#后端真实server
upstream myserver {
ip_hash;
server 172.16.15.105:9443 max_fails=5 fail_timeout=30s;
server 172.16.15.94:9443 max_fails=5 fail_timeout=30s;
}
server {# 服务名及配置,一个服务下可以有多个location 用来表示不同的反向代理
listen 9443 ssl;
server_name localhost;
charset utf-8,gbk;
ssl_certificate uias.crt;
ssl_certificate_key uias.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
#ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
root html;
index index.html index.htm;
proxy_pass https://myserver;
proxy_pass_request_headers on;
proxy_set_header HOST $HOST:$server_port;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr:$remote_port;
proxy_set_header Request-Url $request_uri;
proxy_ignore_headers Expires Cache-Control;
proxy_set_header X-Forwarded-Proto $scheme;
#proxy_set_header args4 $arg_uiasp4;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
