Nginx self-Signed https and reverse proxy

Nginx self-Signed https and reverse proxy
Scenario

The company's wiki Server and docker private registry are both on the company's desktop cloud. Due to the shortage of public IP resources, each of these servers cannot be configured with a public IP address and can only be accessed through one public IP address, therefore, you need to use Nginx as a reverse proxy to access some servers. In addition, these services must be accessed over https.

Server	Intranet IP Address
Wiki.renhl.com	172.16100.47
Hub.renhl.com	172.16100.48

Generate a self-signed certificate

Because it is used by your company, you do not need to apply for a certificate for authentication. You can use a self-signed certificate.

$ sudo mkdir -p /etc/nginx/ssl$ sudo openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout /etc/nginx/ssl/nginx.key -out /etc/nginx/ssl/nginx.crt

Configure reverse proxy

Edit/etc/nginx/sites-available/default, Add the following content:

upstream wiki  {    server 172.168.100.47:80; # wiki.renhl.com}upstream hub  {    server 172.168.100.48; # hub.renhl.com}## Start wiki.renhl.com ##server {    listen 80;    listen 443 ssl;    ssl_certificate /etc/nginx/ssl/nginx.crt;    ssl_certificate_key /etc/nginx/ssl/nginx.key;    server_name  wiki.ecloud.com.cn;    access_log  /var/log/nginx/wiki.renhl.access.log;    error_log  /var/log/nginx/wiki.renhl.error.log;    root   /usr/share/nginx/html;    index  index.html index.htm;    ## send request back to apache1 ##    location / {     proxy_pass  http://wiki;     proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;     proxy_redirect off;     proxy_buffering off;     proxy_set_header        Host            $host;     proxy_set_header        X-Real-IP       $remote_addr;     proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;   }}## End wiki.renhl.com #### START hub.renhl.com ##server {    server_name hub.renhl.com;    listen 80;    listen 443 ssl;    ssl_certificate /etc/nginx/ssl/nginx.crt;    ssl_certificate_key /etc/nginx/ssl/nginx.key;   access_log  /var/log/nginx/hub.renhl.access.log;   error_log   /var/log/nginx/hub.renhl.error.log;   root        /usr/local/nginx/html;   index       index.html;   location / {        proxy_pass  https://hub;        proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;        proxy_redirect off;        proxy_buffering off;        proxy_set_header        Host           $host;        proxy_set_header        X-Real-IP       $remote_addr;        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;    }}## END hub.renhl.com  ##

IP address limit

For security reasons, to prohibit people outside of the company from accessing these services, set in nginx to only allow access from the company's IP address. In the preceding two configurations, add the following content:

allow 111.206.238.12;allow 111.206.238.94;deny all;

Exam Literature

• Https://www.digitalocean.com/community/tutorials/how-to-create-an-ssl-certificate-on-nginx-for-ubuntu-14-04
• Http://www.cyberciti.biz/tips/using-nginx-as-reverse-proxy.html

For more Nginx tutorials, see the following:

Deployment of Nginx + MySQL + PHP in CentOS 6.2

Build a WEB server using Nginx

Build a Web server based on Linux6.3 + Nginx1.2 + PHP5 + MySQL5.5

Performance Tuning for Nginx in CentOS 6.3

Configure Nginx to load the ngx_pagespeed module in CentOS 6.3

Install and configure Nginx + Pcre + php-fpm in CentOS 6.4

Nginx installation and configuration instructions

Nginx log filtering using ngx_log_if does not record specific logs

Nginx details: click here
Nginx: click here

This article permanently updates the link address: