nginx http/https代理配置

张立军的架构之路 2018-12-11

1.http2http

 upstream myserver {
  ip_hash;
  server 172.16.15.105:9090 max_fails=5 fail_timeout=30s;
  server 172.16.15.94:9090 max_fails=5 fail_timeout=30s;  
    }

    server {# 服务名及配置,一个服务下可以有多个location 用来表示不同的反向代理
        listen       9090;
        server_name  localhost;

        charset utf-8,gbk;

        location / {
            root   html;
            index  index.html index.htm;
           
            proxy_pass $scheme://myserver;
   #proxy_redirect off;
   proxy_pass_request_headers on;
   
   
   proxy_set_header HOST $HOST:$server_port;
   proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Real-IP $remote_addr:$remote_port;
            proxy_set_header Request-Url $request_uri;
   
   proxy_ignore_headers Expires    Cache-Control;
   
   #proxy_set_header   args4    $arg_uiasp4;
   
        }

2.https2http

     #后端真实server
 upstream myserver {
  ip_hash;
  server 172.16.15.94:9090 max_fails=5 fail_timeout=30s; 
  server 172.16.15.105:9090 max_fails=5 fail_timeout=30s; 
    }

    server {# 服务名及配置,一个服务下可以有多个location 用来表示不同的反向代理
        listen       9443 ssl;
        server_name  localhost;

        charset utf-8,gbk;

  ssl_certificate      uias.crt;
  ssl_certificate_key  uias.key;
   
  ssl_session_cache    shared:SSL:1m;
  ssl_session_timeout  5m;
  
  #ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  ssl_ciphers  HIGH:!aNULL:!MD5;
  ssl_prefer_server_ciphers  on;
  
        location / {
            root   html;
            index  index.html index.htm;
           
            proxy_pass http://myserver;
   proxy_redirect http://myserver https://$host:$server_port;
   
   proxy_pass_request_headers on;
   
   proxy_set_header HOST $HOST:$server_port;
   proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Real-IP $remote_addr:$remote_port;
            proxy_set_header Request-Url $request_uri;
   
   proxy_ignore_headers Expires    Cache-Control;
   proxy_set_header        X-Forwarded-Proto  https;
   
   #proxy_set_header   args4    $arg_uiasp4;
   
        }
       
       
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }

    }

3.https2https

    #后端真实server
 upstream myserver {
  ip_hash;
  server 172.16.15.105:9443 max_fails=5 fail_timeout=30s;
  server 172.16.15.94:9443 max_fails=5 fail_timeout=30s;  
    }

    server {# 服务名及配置,一个服务下可以有多个location 用来表示不同的反向代理
        listen       9443 ssl;
        server_name  localhost;

        charset utf-8,gbk;

  ssl_certificate      uias.crt;
  ssl_certificate_key  uias.key;
   
  ssl_session_cache    shared:SSL:1m;
  ssl_session_timeout  5m;
  
  #ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  ssl_ciphers  HIGH:!aNULL:!MD5;
  ssl_prefer_server_ciphers  on;
  
        location / {
            root   html;
            index  index.html index.htm;
           
            proxy_pass https://myserver;
   
   proxy_pass_request_headers on;
   
   proxy_set_header HOST $HOST:$server_port;
   proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Real-IP $remote_addr:$remote_port;
            proxy_set_header Request-Url $request_uri;
   
   proxy_ignore_headers Expires    Cache-Control;
   proxy_set_header        X-Forwarded-Proto  $scheme;
   
   #proxy_set_header   args4    $arg_uiasp4;
   
        }
       
       
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }

    }

相关推荐

guoscy / 0评论 2011-03-09

fengziboy / 0评论 2012-02-11