In addition to Weibo, there is also WeChat
Please pay attention
WeChat public account
Shulou
2025-04-07 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Servers >
Share
Shulou(Shulou.com)06/02 Report--
Nginx can reverse proxy http, but also can proxy https, but requires a ssl certificate. A good certificate is recommended here:
Https://github.com/Neilpang/acme.sh/wiki/%E8%AF%B4%E6%98%8E
The steps are very detailed.
Install the nginx reference:
Http://mrdeng.blog.51cto.com/3736360/1735313
When compiling, you need to develop a ssl module:
-- with-http_ssl_module to enable nginx's support for ssl.
After the installation is complete, configure the conf file for the reverse proxy's nginx:
User www www
Worker_processes 2
# worker_cpu_affinity 0001 0010 0100 1000
Error_log / opt/web/nginx_error.log crit
Pid / usr/local/nginx/logs/nginx.pid
# Specifies the value for maximum file descriptors that can be opened by this process.
Worker_rlimit_nofile 51200
Events
{
Use epoll
Worker_connections 51200
# multi_accept on
}
Http
{
Include mime.types
Default_type application/octet-stream
Charset utf-8
Server_names_hash_bucket_size 128
Client_header_buffer_size 32k
Large_client_header_buffers 4 32k
# client_max_body_size 8m
Sendfile on
Tcp_nopush on
Keepalive_timeout 120
Fastcgi_connect_timeout 400
Fastcgi_send_timeout 400
Fastcgi_read_timeout 400
Fastcgi_buffer_size 64k
Fastcgi_buffers 4 64k
Fastcgi_busy_buffers_size 128k
Fastcgi_temp_file_write_size 128k
Tcp_nodelay on
Gzip on
Gzip_min_length 1k
Gzip_buffers 4 16k
Gzip_http_version 1.0
Gzip_comp_level 2
Gzip_types text/plain application/x-javascript text/css application/xml
Gzip_vary on
Server_tokens off
Client_max_body_size 512m; # maximum number of bytes of a single file that the client is allowed to request
Client_body_buffer_size 128k; # buffer proxy buffers maximum number of bytes requested by the client
Proxy_connect_timeout 600; # timeout for connecting to backend server, initiating handshake and waiting for response timeout
After the proxy_read_timeout 600; # connection is successful, wait for the response time of the backend server and wait in the backend queue.
Proxy_send_timeout 600; # backend server data return time, that is, the backend server must complete the data transfer within a specified time.
Proxy_buffer_size 16k; # proxy request cache, which stores the user's information for nginx to process. Generally, as long as the header can be saved
Information is fine.
Proxy_buffers 4 32k; # ditto, tell nginx how much space to save several Buffer for a single use
Proxy_busy_buffers_size 64k; # several larger proxy_buffer that you can apply for if the system is busy
Proxy_temp_file_write_size 64k; # Cache temporary file size
# log format
Log_format access'$remote_addr-$remote_user [$time_local] "$request"'
'$status $body_bytes_sent "$http_referer"'
'"$http_user_agent" $http_x_forwarded_for'
Upstream gw2 {
Server 172.16.88.21:80
}
Server {
Listen 443
Ssl on
Ssl_certificate / opt/ssl/xxx.com.cer
Ssl_certificate_key / opt/ssl/xxx.com.key
Server_name www.xxx.com
Location / {
Proxy_pass http://gw2;
Proxy_redirect off
Limit_req zone=gw6lapp burst=100 nodelay
Proxy_next_upstream http_500 http_502 http_503 error timeout invalid_header
Proxy_set_header Host $host
Proxy_set_header X-Forwarded-Proto https
Proxy_set_header X-Forwarded-For $remote_addr
Proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for
Proxy_headers_hash_max_size 51200
Proxy_headers_hash_bucket_size 6400
}
}
Server {
Listen 80
Server_name www.xxx.com
Rewrite ^ (. *) https://$server_name$1 permanent
}
That's what the configuration file is. You can access http://www.xxx.com and automatically jump to https://www.xxx.com.
What is used here is the rewrite function of nginx permanent is to achieve a permanent jump.
Note:
When I was working on it, I didn't open port 443. I did it for a few hours and accidentally found that the port was not open. Pay attention to the details, the firewall must open the port.
Please correct your notes and essays.
Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.
Views: 0
*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.
Continue with the installation of the previous hadoop.First, install zookooper1. Decompress zookoope
"Every 5-10 years, there's a rare product, a really special, very unusual product that's the most un
© 2024 shulou.com SLNews company. All rights reserved.