Background:
Recently, for work, I needed to set up a proxy in front of a web site so that some users who could not reach it directly could access it. I had previously implemented the web proxy with an Nginx reverse proxy, but later found that some of the sites use HTTPS, so I looked up some material, collated it, and completed the test.
Method:
The deployment and configuration of the Nginx proxy for the web site ttxsgoto.com are mainly as follows:
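#!/bin/bash
# Remember the directory the script was started from
path_soft=$(pwd)
function Base () {
    # Build tool chain needed to compile PCRE and Nginx
    yum -y install make gcc gcc-c++ autoconf
}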
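function Install () {
    # Unprivileged user and group that the Nginx worker processes run as
    groupadd www
    useradd -g www www
    # Source tarballs are fetched over plain HTTP; verify their checksums before building
    # Build and install PCRE (used by Nginx for regular-expression locations)
    wget http://1.1.1.1/nginx/pcre-8.36.tar.gz
    tar zxvf pcre-8.36.tar.gz
    cd pcre-8.36
    ./configure
    make && make install
    # Build Nginx with the status and SSL modules
    wget http://1.1.1.1/nginx/nginx-1.6.2.tar.gz
    tar zxvf nginx-1.6.2.tar.gz
    cd nginx-1.6.2
    ./configure --user=www --group=www --prefix=/usr/local/web/nginx --with-http_stub_status_module --with-http_ssl_module
    make && make install
}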
function Config () {
    # Pull the per-site files in vhosts/ into the http block, right after the "#gzip  on;" line
    sed -i 's|#gzip  on;|#gzip  on;\n\n    include  vhosts/*.conf;|g' /usr/local/web/nginx/conf/nginx.conf
    mkdir -p /usr/local/web/nginx/conf/vhosts
    # \$ keeps the Nginx variables literal inside the unquoted here-document
    cat << EOF >> /usr/local/web/nginx/conf/vhosts/ttxsgoto.com.conf
server
{
    listen 80;
    server_name ttxsgoto.com;
    charset gb2312;
    index index.html index.htm;
    root /date/wwwroot/ttxsgoto.com/;
    # Status page; it has no allow/deny rules, so restrict it if the port is reachable from outside
    location ~ ^/nginxstatus/ {
        stub_status on;
        access_log off;
    }
    location / {
        proxy_redirect off;
        proxy_set_header Host \$host;
        proxy_set_header X-Real-IP \$remote_addr;
        proxy_set_header REMOTE-HOST \$remote_addr;
        proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
        client_max_body_size 50m;
        client_body_buffer_size 256k;
        proxy_connect_timeout 30;
        proxy_send_timeout 30;
        proxy_read_timeout 60;
        proxy_buffer_size 256k;
        proxy_buffers 4 256k;
        proxy_busy_buffers_size 256k;
        proxy_temp_file_write_size 256k;
        proxy_next_upstream error timeout invalid_header http_500 http_503 http_404;
        proxy_max_temp_file_size 128m;
        proxy_pass http://ttxsgoto.com;
    }
}
server
{
    listen 8081;
    server_name ttxsgoto.com:8081;
    charset gb2312;
    index index.html index.htm;
    root /date/wwwroot/ttxsgoto.com/;
    location ~ ^/nginxstatus/ {
        stub_status on;
        access_log off;
    }
    location / {
        proxy_redirect off;
        proxy_set_header Host \$host;
        proxy_set_header X-Real-IP \$remote_addr;
        proxy_set_header REMOTE-HOST \$remote_addr;
        proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
        client_max_body_size 50m;
        client_body_buffer_size 256k;
        proxy_connect_timeout 30;
        proxy_send_timeout 30;
        proxy_read_timeout 60;
        proxy_buffer_size 256k;
        proxy_buffers 4 256k;
        proxy_busy_buffers_size 256k;
        proxy_temp_file_write_size 256k;
        proxy_next_upstream error timeout invalid_header http_500 http_503 http_404;
        proxy_max_temp_file_size 128m;
        proxy_pass http://ttxsgoto.com:8081;
    }
}
EOF
    # Point the site name at the real back end so that proxy_pass resolves to it
    cat << EOF >> /etc/hosts
2.2.2.2 ttxsgoto.com
EOF
    # Make the freshly built PCRE library visible to the dynamic loader
    ln -s /usr/local/lib/libpcre.so.1 /lib64/
    # Raise the soft and hard open-file limits for this shell
    ulimit -SHn 51200
}
function Start () {
    /usr/local/web/nginx/sbin/nginx
}
function Main () {
    Base
    Install
    Config
    Start
}
Main
At this point the installation and configuration of the Nginx web proxy are complete. To verify: modify the hosts file on the local machine (x.x.x.x ttxsgoto.com) and browse to the page; access succeeds.
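Implementing the HTTPS proxy:
1. Create a new directory ssl in /usr/local/web/nginx/conf and create the relevant SSL files in it:
# Passphrase-protected RSA key (1024 bits here; use 2048 bits or more for a real deployment)
openssl genrsa -des3 -out ttxsgoto.com.key 1024
# Certificate signing request for that key
openssl req -new -key ttxsgoto.com.key -out ttxsgoto.com.csr
# Strip the passphrase so that Nginx can start without prompting for it
cp ttxsgoto.com.key ttxsgoto.com.key.orgi
openssl rsa -in ttxsgoto.com.key.orgi -out ttxsgoto.com.key
# Self-signed certificate, valid for 365 days
openssl x509 -req -days 365 -in ttxsgoto.com.csr -signkey ttxsgoto.com.key -out ttxsgoto.com.crt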
2. Add the relevant configuration to nginx.conf (content below):
    include vhosts/ttxsgoto.com.conf;
    server {
        listen 80;
        server_name localhost;
        location / {
            root html;
            index index.html index.htm;
        }
        error_page 502 503 504 /50x.html;
        location = /50x.html {
            root html;
        }
    }
    server {
        listen 443 ssl;
        server_name ttxsgoto.com;
        ssl on;
        # Paths are relative to the conf directory
        ssl_certificate ssl/ttxsgoto.com.crt;
        ssl_certificate_key ssl/ttxsgoto.com.key;
        keepalive_timeout 60;
        ssl_protocols SSLv2 SSLv3 TLSv1;
        ssl_prefer_server_ciphers on;
        access_log /usr/local/web/nginx/logs/ssl-access.log;
        error_log /usr/local/web/nginx/logs/ssl-error.log;
        location / {
            proxy_pass https://ttxsgoto.com;
            proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto https;
            proxy_redirect off;
        }
    }
}
3. Contents of the configuration file ttxsgoto.com.conf in the vhosts directory:
server
{
    listen 80;
    server_name ttxsgoto.com;
    charset gb2312;
    index index.html index.htm;
    root /date/wwwroot/ttxsgoto.com/;
    location ~ ^/nginxstatus/ {
        stub_status on;
        access_log off;
    }
    location / {
        proxy_redirect off;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header REMOTE-HOST $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        client_max_body_size 50m;
        client_body_buffer_size 256k;
        proxy_connect_timeout 30;
        proxy_send_timeout 30;
        proxy_read_timeout 60;
        proxy_buffer_size 256k;
        proxy_buffers 4 256k;
        proxy_busy_buffers_size 256k;
        proxy_temp_file_write_size 256k;
        proxy_next_upstream error timeout invalid_header http_500 http_503 http_404;
        proxy_max_temp_file_size 128m;
        proxy_pass http://ttxsgoto.com;
    }
}
server
{
    listen 8082;
    server_name ttxsgoto.com:8082;
    charset gb2312;
    index index.html index.htm;
    root /date/wwwroot/ttxsgoto.com/;
    location ~ ^/nginxstatus/ {
        stub_status on;
        access_log off;
    }
    location / {
        proxy_redirect off;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header REMOTE-HOST $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        client_max_body_size 50m;
        client_body_buffer_size 256k;
        proxy_connect_timeout 30;
        proxy_send_timeout 30;
        proxy_read_timeout 60;
        proxy_buffer_size 256k;
        proxy_buffers 4 256k;
        proxy_busy_buffers_size 256k;
        proxy_temp_file_write_size 256k;
        proxy_next_upstream error timeout invalid_header http_500 http_503 http_404;
        proxy_max_temp_file_size 128m;
        # Host name completed to ttxsgoto.com, the only name mapped in /etc/hosts
        proxy_pass http://ttxsgoto.com:8082;
    }
}
4. Add the name resolution entry to /etc/hosts:
2.2.2.2 ttxsgoto.com
5. Open the relevant ports in the iptables firewall; here ports 80, 8082 and 443 are opened for external access.
6. Verification: modify the hosts file on the local machine and confirm in the browser that access succeeds. The Nginx reverse proxy for HTTPS is complete!
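As an added example (not part of the original post), the script below checks an nginx config for the two TLS weaknesses in the 443 server block of step 2: SSLv2/SSLv3 offered on the listener, and an https:// upstream whose certificate is never verified. The function name, both sample configs and the CA bundle path are assumptions.

```shell
#!/bin/sh
# Added example: audit_tls_conf is a hypothetical helper name, not part of
# nginx or of the original post; both sample configs are constructed.

# Print one finding per line for the nginx config file given as $1.
audit_tls_conf() {
    # Listener side: SSLv2 and SSLv3 are broken and must not be offered.
    if grep -Eiq '^[[:space:]]*ssl_protocols[^;#]*SSLv[23]' "$1"; then
        echo "weak-protocol: ssl_protocols offers SSLv2/SSLv3"
    fi
    # Upstream side: with proxy_pass https:// and no "proxy_ssl_verify on",
    # nginx encrypts to the backend but never checks its certificate.
    if grep -Eiq '^[[:space:]]*proxy_pass[[:space:]]+https://' "$1" &&
       ! grep -Eiq '^[[:space:]]*proxy_ssl_verify[[:space:]]+on[[:space:]]*;' "$1"; then
        echo "unverified-upstream: proxy_pass https:// without proxy_ssl_verify on"
    fi
}

# Constructed sample 1: the TLS-relevant lines of the 443 server block above.
WEAK_CONF=$(mktemp)
cat > "$WEAK_CONF" <<'EOF'
server {
    listen 443 ssl;
    ssl_protocols SSLv2 SSLv3 TLSv1;
    location / {
        proxy_pass https://ttxsgoto.com;
    }
}
EOF

# Constructed sample 2: hardened form. Needs a newer nginx than the 1.6.2 built
# above (proxy_ssl_* verification: 1.7.0+, TLSv1.3: 1.13.0+); the CA bundle
# path is the CentOS/RHEL default and is an assumption.
HARD_CONF=$(mktemp)
trap 'rm -f "$WEAK_CONF" "$HARD_CONF"' EXIT
cat > "$HARD_CONF" <<'EOF'
server {
    listen 443 ssl;
    ssl_protocols TLSv1.2 TLSv1.3;
    location / {
        proxy_pass https://ttxsgoto.com;
        proxy_ssl_verify on;
        proxy_ssl_verify_depth 2;
        proxy_ssl_trusted_certificate /etc/pki/tls/certs/ca-bundle.crt;
        proxy_ssl_server_name on;
    }
}
EOF

echo "== weak ==";     audit_tls_conf "$WEAK_CONF"
echo "== hardened =="; audit_tls_conf "$HARD_CONF"
```

With proxy_ssl_verify on, nginx checks the upstream certificate against the host name in proxy_pass, so the back end at ttxsgoto.com must present a certificate for that name issued by a CA in the trusted bundle.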
This article is from the "Day Up goto" blog; please be sure to keep this source: http://ttxsgoto.blog.51cto.com/4943095/1579882
Nginx Reverse Proxy HTTPS service