Setting Up an SSL Reverse Proxy with Nginx

Source: Internet
Author: User

Nginx's reverse proxy is usually used to expose Apache, IIS, or lighttpd services running on the intranet and to load-balance across them. Because the dynamic service programs run on the internal network, the overall security of the servers improves. So how do you set up an SSL reverse proxy with Nginx?

There are many advantages to using Nginx to set up SSL:

    1. Ease of use: Nginx is simple to install and upgrade, and its smooth upgrade lets the site server complete an upgrade without a restart.
    2. Security: the proxy is transparent, so Nginx acts as a security barrier for servers such as Apache placed behind it and can withstand some basic web attacks.
    3. Low load: low load is another great advantage of Nginx. Multiple Apache servers can be placed behind the Nginx proxy to meet different needs.
    4. Caching: files other than dynamic content, such as CSS, JS, and static HTML pages, can be served directly by Nginx to further reduce the load.
    5. File compression: Nginx can optimize and reduce file transfer size, which reduces file read time.

With the advantages covered, here is a configuration example.

Because the following code only demonstrates the overall configuration process, the SSL certificate I use is self-signed. If you need an SSL certificate that passes authentication, obtain one from a CA (website address: www.verisign.com).

First, generate the SSL security certificate

Create a new folder under the nginx configuration directory to store the certificate:

# cd /usr/local/nginx/conf
# mkdir ssl
# cd ssl

Generate a private key (2048-bit RSA; 1024-bit keys are considered too weak today):

# openssl genrsa -des3 -out nixcraft.in.key 2048

Generate a CSR (Certificate Signing Request) file:

# openssl req -new -key nixcraft.in.key -out nixcraft.in.csr

When prompted, enter your own domain name for the certificate (the field marked with a red box).

Second, configure the SSL reverse proxy

Edit Nginx configuration file

# vi /usr/local/nginx/conf/nginx.conf

Add the following code:

server {
        ### server port and name ###
        listen          443 ssl;
        server_name     nixcraft.in;

        ### SSL log files ###
        access_log      logs/ssl-access.log;
        error_log       logs/ssl-error.log;

        ### SSL cert files ###
        ssl_certificate      ssl/nixcraft.in.crt;
        ssl_certificate_key  ssl/nixcraft.in.key;

        ### Add SSL specific settings here ###
        keepalive_timeout    60;

        ###  Limiting Ciphers ########################
        # Uncomment as per your setup
        #ssl_ciphers HIGH:!ADH;
        #ssl_prefer_server_ciphers on;
        # SSLv3 is obsolete and insecure; allow only TLS 1.2 and later
        #ssl_protocols TLSv1.2 TLSv1.3;
        ##############################################

        ### We want full access to SSL via backend ###
        location / {
                # "nixcraft" must be defined in an upstream block or resolve as a host name
                proxy_pass  http://nixcraft;

                ### force timeouts if one of the backends has died ##
                proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;

                ### Set headers ####
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

                ### Most PHP, Python, Rails, Java App can use this header ###
                proxy_set_header X-Forwarded-Proto https;

                ### By default we don't want to redirect it ####
                proxy_redirect     off;
        }
}

Save the file, then test and reload the configuration:

# /usr/local/nginx/sbin/nginx -t
# /usr/local/nginx/sbin/nginx -s reload

To see if the configuration was successful:

# netstat -tulpn | grep :443

The SSL configuration is done; you can now use https://youdomain.com to access your website.
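
The netstat check only confirms that something is listening on port 443; it says nothing about which protocol versions and ciphers the listener accepts. As an added example (not part of the original article), the shell function below statically audits the active ssl_protocols and ssl_ciphers directives of a configuration. The function name audit_tls_conf and both sample configurations are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original article: static audit of nginx TLS directives.
# Assumes one directive per line and "#" used only as a comment marker.
# audit_tls_conf [FILE...]: reads stdin when no file is given; prints one
# finding per line and exits with status 1 when anything was flagged.
audit_tls_conf() {
    awk '
    { sub(/#.*/, "") }                        # nginx ignores commented-out lines
    $1 == "listen" && / ssl[ ;]/ { tls = 1 }  # this server terminates TLS
    $1 == "ssl_protocols" {
        have_proto = 1
        for (i = 2; i <= NF; i++) {
            p = $i; sub(/;$/, "", p)
            if (p == "SSLv2" || p == "SSLv3" || p == "TLSv1" || p == "TLSv1.1") {
                print "line " NR ": legacy protocol " p; bad = 1
            }
        }
    }
    $1 == "ssl_ciphers" {
        # a cipher-string token is enabled unless negated with "!" or "-"
        s = $2; sub(/;$/, "", s); gsub(/"/, "", s)
        n = split(s, tok, ":")
        for (i = 1; i <= n; i++)
            if (tok[i] !~ /^[!-]/ && tok[i] ~ /(NULL|EXP|RC4|MD5|DES|ADH|AECDH|LOW)/) {
                print "line " NR ": weak cipher token " tok[i]; bad = 1
            }
    }
    END {
        if (tls && !have_proto) {
            print "ssl_protocols not set: the default depends on the nginx version"; bad = 1
        }
        exit bad + 0
    }' "$@"
}

# Constructed sample: a TLS server block with a legacy protocol enabled.
sample_legacy() {
    printf '%s\n' 'server {' '    listen          443 ssl;' \
        '    server_name     nixcraft.in;' '    ssl_ciphers HIGH:!ADH;' \
        '    ssl_protocols SSLv3;' '}'
}

# Constructed sample: the same listener restricted to TLS 1.2 and 1.3.
sample_hardened() {
    printf '%s\n' 'server {' '    listen          443 ssl;' \
        '    ssl_ciphers HIGH:!aNULL:!MD5;' '    ssl_protocols TLSv1.2 TLSv1.3;' '}'
}

sample_legacy | audit_tls_conf || echo "fix the findings above before reloading nginx"
```

Run it against the real file with `audit_tls_conf /usr/local/nginx/conf/nginx.conf` before `nginx -s reload`; it complements `nginx -t`, which checks syntax but not the strength of the TLS settings.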
