Nginx Reverse proxy http and HTTPS configuration

Nginx can reverse proxy HTTP, also can proxy HTTPS, just need SSL certificate. A handy certificate is recommended here:

Https://github.com/Neilpang/acme.sh/wiki/%E8%AF%B4%E6%98%8E

The steps are very detailed.

Install Nginx Reference:

http://mrdeng.blog.51cto.com/3736360/1735313

The SSL module needs to be developed when compiling:
--with-http_ssl_module, enable nginx support for SSL.

After the installation is complete, configure the Nginx conf file for the reverse proxy:

User www www;

Worker_processes 2;

#worker_cpu_affinity 0001 0010 0100 1000;

Error_log/opt/web/nginx_error.log Crit;

Pid/usr/local/nginx/logs/nginx.pid;

#Specifies the value for maximum file descriptors the can is opened by this process.

Worker_rlimit_nofile 51200;

Events

{

Use Epoll;

Worker_connections 51200;

#multi_accept on;

}

http

{

Include Mime.types;

Default_type Application/octet-stream;

CharSet Utf-8;

Server_names_hash_bucket_size 128;

Client_header_buffer_size 32k;

Large_client_header_buffers 4 32k;

# client_max_body_size 8m;

Sendfile on;

Tcp_nopush on;

Keepalive_timeout 120;

Fastcgi_connect_timeout 400;

Fastcgi_send_timeout 400;

Fastcgi_read_timeout 400;

Fastcgi_buffer_size 64k;

Fastcgi_buffers 4 64k;

Fastcgi_busy_buffers_size 128k;

Fastcgi_temp_file_write_size 128k;

Tcp_nodelay on;

gzip on;

Gzip_min_length 1k;

Gzip_buffers 4 16k;

Gzip_http_version 1.0;

Gzip_comp_level 2;

Gzip_types text/plain application/x-javascript text/css application/xml;

Gzip_vary on;

Server_tokens off;

Client_max_body_size 512m; #允许客户端请求的最大单个文件字节数

Client_body_buffer_size 128k; #缓冲区代理缓冲用户端请求的最大字节数

Proxy_connect_timeout 600; #跟后端服务器连接超时时间, initiates a handshake waiting for a response time-out

Proxy_read_timeout 600; #连接成功后, waiting for back-end server response time, waiting in the back-end queue

Proxy_send_timeout 600; The #后端服务器数据回传时间 is that the backend server must be handed out within the specified time

Proxy_buffer_size 16k; #代理请求缓存区, this cache interval will save the user's information for Nginx to process, generally as long as you can save the head

Information can

Proxy_buffers 4 32k; #同上, tell Nginx to save a single use of a few buffer max with how much space

Proxy_busy_buffers_size 64k; #如果系统很忙可以申请用的几个更大的proxy_buffer

Proxy_temp_file_write_size 64k; #缓存临时文件大小

#log format

Log_format access ' $remote _addr-$remote _user [$time _local] "$request"

' $status $body _bytes_sent ' $http _referer '

' "$http _user_agent" $http _x_forwarded_for ';

Upstream GW2 {

server 172.16.88.21:80;

}

server {

Listen 443;

SSL on;

Ssl_certificate/opt/ssl/xxx.com.cer;

Ssl_certificate_key/opt/ssl/xxx.com.key;

server_name www.xxx.com;

Location/{

Proxy_pass http://gw2;

Proxy_redirect off;

Limit_req Zone=gw6lapp burst=100 Nodelay;

Proxy_next_upstream http_500 http_502 http_503 error timeout invalid_header;

Proxy_set_header Host $host;

Proxy_set_header X-forwarded-proto HTTPS;

Proxy_set_header x-forwarded-for $remote _addr;

Proxy_set_header x-forwarded-for $proxy _add_x_forwarded_for;

Proxy_headers_hash_max_size 51200;

proxy_headers_hash_bucket_size 6400;

}

}

server {

Listen 80;

server_name www.xxx.com;

Rewrite ^ (. *) https://$server _name$1 permanent;

}

The configuration file is so that you can access http://www.xxx.com automatically jump to https://www.xxx.com

Here is the use of Nginx rewrite function permanent is to achieve a permanent jump.

Attention:

I did not open the 443 port, the whole last engaged for a few hours, accidentally found that the port is not open. Attention to detail, firewall must start port.

Notes, please make a lot of corrections.

This article is from the "Nginx Installation Optimization" blog, please be sure to keep this source http://mrdeng.blog.51cto.com/3736360/1943644

Nginx Reverse proxy http and HTTPS configuration