1
rrfeng 2018-03-01 15:10:56 +08:00 1
可以。
|
2
liuyinltemp OP 请问怎么操作,最好是强制打开 https,谢谢
|
3
CokeMine 2018-03-01 15:14:13 +08:00 via Android
可以的。
|
4
liuyinltemp OP 求教程,纯小白,附一下,现有配置。
user www-data; worker_processes auto; pid /run/nginx.pid; include /etc/nginx/modules-enabled/*.conf; events { use epoll; worker_connections 2048; # multi_accept on; } http { ## # Basic Settings ## sendfile on; tcp_nopush on; tcp_nodelay on; keepalive_timeout 60; types_hash_max_size 2048; # server_tokens off; # server_names_hash_bucket_size 64; # server_name_in_redirect off; include /etc/nginx/mime.types; default_type application/octet-stream; ## # SSL Settings ## ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE ssl_prefer_server_ciphers on; ## # Logging Settings ## access_log /var/log/nginx/access.log; error_log /var/log/nginx/error.log; proxy_connect_timeout 5; proxy_read_timeout 60; proxy_send_timeout 5; proxy_buffer_size 16k; proxy_buffers 4 64k; proxy_busy_buffers_size 128k; proxy_temp_file_write_size 128k; proxy_temp_path /home/cache/temp; proxy_cache_path /home/cache/path levels=1:2 keys_zone=cache_one:32m inactive=1h max_size=128m; ## # Gzip Settings ## gzip on; gzip_disable "msie6"; # gzip_vary on; # gzip_proxied any; # gzip_comp_level 6; # gzip_buffers 16 8k; # gzip_http_version 1.1; # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript; ## # nginx-naxsi config ## # Uncomment it if you installed nginx-naxsi ## #include /etc/nginx/naxsi_core.rules; ## # Virtual Host Configs ## include /etc/nginx/conf.d/*.conf; include /etc/nginx/sites-enabled/*; server { listen 80; server_name bbb.com; large_client_header_buffers 4 16k; client_max_body_size 300m; client_body_buffer_size 128k; proxy_connect_timeout 600; proxy_read_timeout 600; proxy_send_timeout 600; proxy_buffer_size 64k; proxy_buffers 4 32k; proxy_busy_buffers_size 64k; proxy_temp_file_write_size 64k; access_log off; if ($http_user_agent ~* (baiduspider|360spider|haosouspider|googlebot|soso|bing|sogou|yahoo|sohu-search|yodao|YoudaoBot|robozilla|msnbot|MJ12bot|NHN|Twiceler)) { return 403; } location / { sub_filter aaa.com bbb.com; sub_filter 'include/javascript/common.js' ''; sub_filter '<div id="menu2">' '<div id="menu2" style="display:none;">'; sub_filter '<div id="header">' '<div id="header" style="display:none;">'; sub_filter '<div id="announcement"' '<id="announcement" style="display:none;"'; sub_filter '<div id="footercontainer">' '<div id="footercontainer" style="display:none;">'; sub_filter 'id="forumlinks" cellpadding="0" cellspacing="0" style="">' 'id="forumlinks" style="display:none;">'; sub_filter '<div class="maintable" style="color: #333; clear: both;">' '<div class="maintable" style="display:none;">'; sub_filter '<div class="legend">' '<div class="legend" style="display:none;">'; sub_filter_once off; subs_filter '<div id="menu">' '<div id="menu" style="display:none;">' o; proxy_pass http://aaa.com; proxy_cache_key "$scheme://$host$request_uri"; proxy_cache cache_one; proxy_cache_valid 200 304 10m; proxy_cache_valid 301 1h; proxy_cache_valid any 1m; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Referer http://aaa.com; proxy_set_header Host $host; proxy_set_header Accept-Encoding ""; } } } #mail { # # See sample authentication script at: # # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript # # # auth_http localhost/auth.php; # # pop3_capabilities "TOP" "USER"; # # imap_capabilities "IMAP4rev1" "UIDPLUS"; # # server { # listen localhost:110; # protocol pop3; # proxy on; # } # # server { # listen localhost:143; # protocol imap; # proxy on; # } #} |
5
lcorange 2018-03-01 15:22:52 +08:00
我服务器的代理,把 node 起的服务用 nginx 代理出去,你借鉴一下
server { listen 443; server_name xxx.xxx.cn; ssl on; ssl_certificate ca.crt; ssl_certificate_key ca.key; ssl_session_timeout 5m; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE; ssl_prefer_server_ciphers on; location / { if ($request_method = 'OPTIONS') { add_header Access-Control-Allow-Methods GET,PUT,DELETE,POST,OPTIONS; add_header Access-Control-Allow-Origin *; add_header Access-Control-Allow-Credentials true; add_header Access-Control-Allow-Headers token,content-type; return 204; } proxy_pass http://127.0.0.1:3000/; add_header Access-Control-Allow-Origin *; } } |
6
hello123vvv 2018-03-01 15:26:51 +08:00
|
7
zhjits 2018-03-01 16:30:57 +08:00
不就开一个 TLS 的站,然后 proxy_pass http://
|
8
my101du 2018-03-01 16:54:02 +08:00
# 代理
```conf # 可以用来做负载均衡,或者只需要一个后端 ip+端口 upstream backend-server { server 192.168.0.99:443; } # 所有 http 请求,都跳转到 https server { listen 80; server_name www.sample.org; return 301 https://$host$request_uri; } # https server { listen 443 ssl; server_name www.sample.org; ssl_certificate /etc/nginx/ssl/xxxxx.crt; ssl_certificate_key /etc/nginx/ssl/xxxxxxxx.key; location / { proxy_redirect off; proxy_set_header host $host; proxy_set_header x-real-ip $remote_addr; proxy_set_header x-forwarded-for $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Host $server_name; proxy_set_header X-Forwarded-Proto https; proxy_ssl_certificate /etc/nginx/ssl/xxxxxxxxx.crt; proxy_ssl_certificate_key /etc/nginx/ssl/xxxxxxxxx.key; # proxy_ssl_verify on; # proxy_ssl_verify_depth 2; # proxy_ssl_session_reuse on; # proxy_ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # proxy_ssl_ciphers HIGH:!aNULL:!MD5; proxy_pass https://backend-server; } } ``` # 后端主机 ``` server { listen 443 ssl; server_name www.sample.org; ssl_certificate /etc/nginx/ssl/xxxxx.crt; ssl_certificate_key /etc/nginx/ssl/xxxxxxxx.key; location / { try_files $uri $uri/ /index.php?$query_string; } } ``` |
9
my101du 2018-03-01 16:55:21 +08:00
奇怪 markdown 格式没解析。。 你自己处理下缩进吧。
这个方案在我测试服务器上是 ok 的。 |
10
shaoS 2018-03-01 17:04:41 +08:00
为什么不直接把 http://aaa.com rewrite https://bbb.com 呢
|
11
zjb861107 2018-03-01 17:12:34 +08:00
https://imququ.com
推荐一个博客,看这个应该就够了 |
12
liuyinltemp OP @my101du 谢谢,确实不复杂,小白不懂。
|