Nginx Reverse Proxy HTTPS service

Source: Internet
Author: User
Tags openssl rsa openssl x509 nginx reverse proxy

Background:

Recently, for work, I needed to put a proxy in front of a website so that users who could not reach it directly could access it. I had already set up an Nginx reverse proxy for the site, but later found that some of the sites use HTTPS, so I looked up some information, collated it, and completed the test.

Method:

The script that deploys and configures Nginx as a proxy for the website ttxsgoto.com is as follows:

#!/bin/bash

# Directory the script is started from; source tarballs are downloaded here.
path_soft=$(pwd)

# Install the build toolchain.
function Base () {
    yum -y install make gcc gcc-c++ autoconf
}

# Create the www user, then build PCRE and nginx from source.
function Install () {
    groupadd www
    useradd -g www www

    cd "$path_soft"
    wget http://1.1.1.1/nginx/pcre-8.36.tar.gz
    tar zxvf pcre-8.36.tar.gz
    cd pcre-8.36
    ./configure
    make && make install

    cd "$path_soft"
    wget http://1.1.1.1/nginx/nginx-1.6.2.tar.gz
    tar zxvf nginx-1.6.2.tar.gz
    cd nginx-1.6.2
    ./configure --user=www --group=www --prefix=/usr/local/web/nginx --with-http_stub_status_module --with-http_ssl_module
    make && make install
}

function Config () {
    # Include every vhost file from the main config, right after the "#gzip  on;" line.
    sed -i 's|#gzip  on;|#gzip  on;\n\n    include  vhosts/*.conf;|' /usr/local/web/nginx/conf/nginx.conf
    mkdir -p /usr/local/web/nginx/conf/vhosts

    # The heredoc is unquoted, so nginx variables are escaped as \$name.
    cat << EOF >> /usr/local/web/nginx/conf/vhosts/ttxsgoto.com.conf
server
{
    listen 80;
    server_name ttxsgoto.com;
    charset GB2312;
    index index.html index.htm;
    root /date/wwwroot/ttxsgoto.com/;
    location ~ ^/nginxstatus/ {
        stub_status on;
        access_log off;
    }
    location / {
        proxy_redirect off;
        proxy_set_header Host \$host;
        proxy_set_header X-Real-IP \$remote_addr;
        proxy_set_header REMOTE-HOST \$remote_addr;
        proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
        client_max_body_size 50m;
        client_body_buffer_size 256k;
        proxy_connect_timeout 30;
        proxy_send_timeout 30;
        proxy_read_timeout 60;
        proxy_buffer_size 256k;
        proxy_buffers 4 256k;
        proxy_busy_buffers_size 256k;
        proxy_temp_file_write_size 256k;
        proxy_next_upstream error timeout invalid_header http_500 http_503 http_404;
        proxy_max_temp_file_size 128m;
        proxy_pass http://ttxsgoto.com;
    }
}
server
{
    listen 8081;
    server_name ttxsgoto.com:8081;
    charset GB2312;
    index index.html index.htm;
    root /date/wwwroot/ttxsgoto.com/;
    location ~ ^/nginxstatus/ {
        stub_status on;
        access_log off;
    }
    location / {
        proxy_redirect off;
        proxy_set_header Host \$host;
        proxy_set_header X-Real-IP \$remote_addr;
        proxy_set_header REMOTE-HOST \$remote_addr;
        proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
        client_max_body_size 50m;
        client_body_buffer_size 256k;
        proxy_connect_timeout 30;
        proxy_send_timeout 30;
        proxy_read_timeout 60;
        proxy_buffer_size 256k;
        proxy_buffers 4 256k;
        proxy_busy_buffers_size 256k;
        proxy_temp_file_write_size 256k;
        proxy_next_upstream error timeout invalid_header http_500 http_503 http_404;
        proxy_max_temp_file_size 128m;
        proxy_pass http://ttxsgoto.com:8081;
    }
}
EOF

    # Point the proxied hostname at the real backend address.
    cat << EOF >> /etc/hosts
2.2.2.2 ttxsgoto.com
EOF

    ln -s /usr/local/lib/libpcre.so.1 /lib64/
    ulimit -SHn 51200
}

function Start () {
    /usr/local/web/nginx/sbin/nginx
}

function Main () {
    Base
    Install
    Config
    Start
}

Main

At this point, the installation and configuration of the Nginx web proxy is complete. To verify it, add the line "x.x.x.x ttxsgoto.com" to the local hosts file and browse to the site; the page loads successfully.

Implementing the HTTPS proxy:

1. Create a new directory named ssl under /usr/local/web/nginx/conf and create the SSL files in it:

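# Generate a passphrase-protected RSA private key
openssl genrsa -des3 -out ttxsgoto.com.key 1024
# Create the certificate signing request
openssl req -new -key ttxsgoto.com.key -out ttxsgoto.com.csr
# Keep the encrypted key, then write a passphrase-free copy so nginx can start unattended
cp ttxsgoto.com.key ttxsgoto.com.key.orgi
openssl rsa -in ttxsgoto.com.key.orgi -out ttxsgoto.com.key
# Self-sign the certificate, valid for 365 days
openssl x509 -req -days 365 -in ttxsgoto.com.csr -signkey ttxsgoto.com.key -out ttxsgoto.com.crt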

2. Add the relevant configuration in nginx.conf (content below):

include vhosts/ttxsgoto.com.conf;

server {
    listen 80;
    server_name localhost;
    location / {
        root html;
        index index.html index.htm;
    }
    error_page 502 503 504 /50x.html;
    location = /50x.html {
        root html;
    }
}

server {
    listen 443 ssl;
    server_name ttxsgoto.com;
    ssl on;
    ssl_certificate ssl/ttxsgoto.com.crt;
    ssl_certificate_key ssl/ttxsgoto.com.key;
    keepalive_timeout 60;
    ssl_protocols SSLv2 SSLv3 TLSv1;
    ssl_prefer_server_ciphers on;
    access_log /usr/local/web/nginx/logs/ssl-access.log;
    error_log /usr/local/web/nginx/logs/ssl-error.log;
    location / {
        proxy_pass https://ttxsgoto.com;
        proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
        proxy_redirect off;
    }
}

}

3. Contents of the configuration file ttxsgoto.com.conf in the vhosts directory:

server
{
    listen 80;
    server_name ttxsgoto.com;
    charset GB2312;
    index index.html index.htm;
    root /date/wwwroot/ttxsgoto.com/;
    location ~ ^/nginxstatus/ {
        stub_status on;
        access_log off;
    }
    location / {
        proxy_redirect off;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header REMOTE-HOST $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        client_max_body_size 50m;
        client_body_buffer_size 256k;
        proxy_connect_timeout 30;
        proxy_send_timeout 30;
        proxy_read_timeout 60;
        proxy_buffer_size 256k;
        proxy_buffers 4 256k;
        proxy_busy_buffers_size 256k;
        proxy_temp_file_write_size 256k;
        proxy_next_upstream error timeout invalid_header http_500 http_503 http_404;
        proxy_max_temp_file_size 128m;
        proxy_pass http://ttxsgoto.com;
    }
}

server
{
    listen 8082;
    server_name ttxsgoto.com:8082;
    charset GB2312;
    index index.html index.htm;
    root /date/wwwroot/ttxsgoto.com/;
    location ~ ^/nginxstatus/ {
        stub_status on;
        access_log off;
    }
    location / {
        proxy_redirect off;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header REMOTE-HOST $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        client_max_body_size 50m;
        client_body_buffer_size 256k;
        proxy_connect_timeout 30;
        proxy_send_timeout 30;
        proxy_read_timeout 60;
        proxy_buffer_size 256k;
        proxy_buffers 4 256k;
        proxy_busy_buffers_size 256k;
        proxy_temp_file_write_size 256k;
        proxy_next_upstream error timeout invalid_header http_500 http_503 http_404;
        proxy_max_temp_file_size 128m;
        proxy_pass http://ttxsgoto.com:8082;
    }
}

4. Add the name resolution entry to /etc/hosts:

2.2.2.2 ttxsgoto.com

5. Open the relevant ports in the iptables firewall; here ports 80, 8082 and 443 are opened to external access.

6. Verification: modify the local hosts file and confirm in the browser that the site can be accessed. The Nginx reverse proxy for HTTPS is complete!
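The 443 server block above enables SSLv2 and SSLv3 (both prohibited by current standards, along with TLSv1), uses the "ssl on;" directive that later nginx releases deprecated, and proxies to an https upstream whose certificate nginx does not check unless proxy_ssl_verify is on (a directive that needs nginx 1.7.0 or later, newer than the 1.6.2 built here). The following shell function is an added example, not part of the original article, that audits a config for those three settings; audit_nginx_tls, sample_conf and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag the weak TLS settings used in the article's nginx config.

# audit_nginx_tls [FILE...]  reads nginx config from FILE(s) or stdin and
# prints one finding per line. The upstream check is file-wide, not per block.
audit_nginx_tls() {
    awk '
    { sub(/#.*/, ""); gsub(/;/, " ") }   # drop comments and statement terminators
    $1 == "ssl_protocols" {
        for (i = 2; i <= NF; i++)
            if ($i ~ /^(SSLv2|SSLv3|TLSv1|TLSv1\.1)$/)
                printf "line %d: ssl_protocols enables obsolete %s\n", NR, $i
    }
    $1 == "ssl" && $2 == "on" {
        printf "line %d: \"ssl on\" is deprecated, use \"listen ... ssl\"\n", NR
    }
    $1 == "proxy_pass" && $2 ~ /^https:/    { https_line = NR }
    $1 == "proxy_ssl_verify" && $2 == "on"  { verified = 1 }
    END {
        if (https_line && !verified)
            printf "line %d: https upstream without proxy_ssl_verify on\n", https_line
    }' "$@"
}

# Constructed sample mirroring the TLS-relevant lines of the 443 server block.
sample_conf() {
    cat <<'EOF'
server {
    listen 443 ssl;
    server_name ttxsgoto.com;
    ssl on;
    ssl_certificate ssl/ttxsgoto.com.crt;
    ssl_certificate_key ssl/ttxsgoto.com.key;
    ssl_protocols SSLv2 SSLv3 TLSv1;
    location / {
        proxy_pass https://ttxsgoto.com;
    }
}
EOF
}

sample_conf | audit_nginx_tls
```

Key length does not appear in the config: "openssl rsa -in ssl/ttxsgoto.com.key -noout -text" prints it on the first line, and the 1024-bit key generated in step 1 is below the 2048-bit minimum that current CA and browser requirements expect.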

This article is from the "Day Up goto" blog; please be sure to keep this source: http://ttxsgoto.blog.51cto.com/4943095/1579882
