nginx反向代理http 和 https(案例)

说明:在香港开了一台虚拟机,主要用于将来自国外访问的80和443代理到大陆IDC机房

(1) 定义80和443的upstream

211.155.82.174 是keepalive中VIP对应的公网IP(在国内访问www.playyx.com解析到211.155.82.174)

复制代码
upstream new_server {
        server 211.155.82.174:80;                       
}

upstream new_server443 {
        server 211.155.82.174:443;
}

(2) 定义80端口反代

复制代码
server
	{
        listen 80 default_server;       
        server_name  playyx.com *.playyx.com *.yingyou360.cn;
        location / {     
        proxy_pass http://new_server;
        proxy_set_header   Host             $host;
        proxy_set_header   X-Real-IP        $remote_addr;
        proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;
	}
}

(3) 定义443端口反代 *.playyx.com

复制代码
server
{
        listen 443 ssl;
	ssl on;
        ssl_certificate          /alidata/ssl/playyx.com/server.crt;
        ssl_certificate_key      /alidata/ssl/playyx.com/server.key;
        keepalive_timeout            70;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers on;
        ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;

        server_name  *.playyx.com;

        location / {

        proxy_pass https://new_server443;
        proxy_next_upstream http_502 http_504 error timeout invalid_header;
        proxy_set_header   Host             $host;
        proxy_set_header   X-Real-IP        $remote_addr;
        proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;
	proxy_set_header   X-Forwarded-Proto https;         #识别用户是通过https访问的
        proxy_redirect     off;
        }
}

(4) 定义443端口反代 *.yingyou360.cn

复制代码
server
{
        listen 443 ssl;
        ssl on;
        ssl_certificate          /alidata/ssl/yingyou360.cn/server.crt;
        ssl_certificate_key      /alidata/ssl/yingyou360.cn/server.key;
        ssl_verify_depth             1;
        keepalive_timeout            70;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers on;
        ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;

        server_name  *.yingyou360.cn;

        location / {

        proxy_pass https://new_server443;
        proxy_next_upstream http_502 http_504 error timeout invalid_header;
        proxy_set_header   Host             $host;
        proxy_set_header   X-Real-IP        $remote_addr;
        proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;           #X-Forwarded-For 是为了获得实际用户的 IP或前端负载的ip
        proxy_set_header   X-Forwarded-Proto https;     #识别用户访问的协议是https
        proxy_redirect     off;                    #如果开启的话,通过wireshark抓包可以看到后端apache的真实URL,我们可以修改这个返回值(http://blog.csdn.net/u010391029/article/details/50395680)
        }
}
相关推荐
易ლ拉罐21 小时前
【计算机网络】HTTP协议(二)——超文本传输协议
网络·计算机网络·http·1024程序员节
qyhua1 天前
从零部署自维护版 Uptime Kuma:Node.js + PM2 + Nginx 全链路实战指南
运维·nginx·node.js
睡不醒的猪儿1 天前
nginx日志同步阿里云datahub后写入数据库
数据库·nginx·阿里云
BIBI20491 天前
HTTP 请求方法指南:GET, POST, PUT, PATCH, DELETE 区别
网络·网络协议·http
耿雨飞1 天前
Nginx代理服务应用实战:HTTP代理模块、正向代理、反向代理与TCP/UDP代理详解
nginx
fenglllle1 天前
http trailer 与 http2
http·wireshark·1024程序员节
2501_915918411 天前
iOS 26 查看电池容量与健康状态 多工具组合的工程实践
android·ios·小程序·https·uni-app·iphone·webview
☆璇1 天前
【Linux】应用层协议HTTP
网络·网络协议·http·1024程序员节
2501_915909061 天前
iOS 架构设计全解析 从MVC到MVVM与使用 开心上架 跨平台发布 免Mac
android·ios·小程序·https·uni-app·iphone·webview
2501_915921432 天前
“HTTPS 个人化”实战,个人站点与设备调试的部署、验证与抓包排查方法
网络协议·http·ios·小程序·https·uni-app·iphone