
Nginx reverse proxy http and https configuration

2025-04-07 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/02 Report--

Nginx can reverse proxy HTTP and can also proxy HTTPS, but HTTPS requires an SSL certificate. A good source for a certificate is recommended here:

https://github.com/Neilpang/acme.sh/wiki/%E8%AF%B4%E6%98%8E

The steps there are very detailed.

For installing nginx, refer to:

http://mrdeng.blog.51cto.com/3736360/1735313

When compiling, you need to specify the SSL module:

--with-http_ssl_module enables nginx's support for SSL.

After the installation is complete, configure the conf file of the nginx reverse proxy:

user www www;
worker_processes 2;
# worker_cpu_affinity 0001 0010 0100 1000;
error_log /opt/web/nginx_error.log crit;
pid /usr/local/nginx/logs/nginx.pid;

# Specifies the value for maximum file descriptors that can be opened by this process.
worker_rlimit_nofile 51200;

events
{
    use epoll;
    worker_connections 51200;
    # multi_accept on;
}

http
{
    include mime.types;
    default_type application/octet-stream;
    charset utf-8;
    server_names_hash_bucket_size 128;
    client_header_buffer_size 32k;
    large_client_header_buffers 4 32k;
    # client_max_body_size 8m;
    sendfile on;
    tcp_nopush on;
    keepalive_timeout 120;
    fastcgi_connect_timeout 400;
    fastcgi_send_timeout 400;
    fastcgi_read_timeout 400;
    fastcgi_buffer_size 64k;
    fastcgi_buffers 4 64k;
    fastcgi_busy_buffers_size 128k;
    fastcgi_temp_file_write_size 128k;
    tcp_nodelay on;
    gzip on;
    gzip_min_length 1k;
    gzip_buffers 4 16k;
    gzip_http_version 1.0;
    gzip_comp_level 2;
    gzip_types text/plain application/x-javascript text/css application/xml;
    gzip_vary on;
    server_tokens off;

    client_max_body_size 512m;      # maximum size of a client request body (for example a single uploaded file)
    client_body_buffer_size 128k;   # buffer used to read the client request body
    proxy_connect_timeout 600;      # timeout for connecting to the backend server (initiating the handshake and waiting for its response)
    proxy_read_timeout 600;         # after the connection is established, how long to wait for the backend server's response (including time spent in the backend's queue)
    proxy_send_timeout 600;         # timeout for sending the request to the backend server, measured between two successive writes
    proxy_buffer_size 16k;          # buffer for the first part of the backend response; it only needs to be large enough to hold the header information
    proxy_buffers 4 32k;            # as above: number and size of the buffers used for a single connection
    proxy_busy_buffers_size 64k;    # limit on the buffers that may be busy sending to the client while the response is still being read
    proxy_temp_file_write_size 64k; # amount of data written to a temporary file at one time

    # log format
    log_format access '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" $http_x_forwarded_for';

    upstream gw2 {
        server 172.16.88.21:80;
    }

    server {
        # "listen 443;" plus "ssl on;" in the original; the ssl parameter of
        # listen replaces the deprecated ssl directive.
        listen 443 ssl;
        ssl_certificate /opt/ssl/xxx.com.cer;
        ssl_certificate_key /opt/ssl/xxx.com.key;
        server_name www.xxx.com;

        location / {
            proxy_pass http://gw2;
            proxy_redirect off;
            # The zone gw6lapp must be defined with limit_req_zone in the http
            # block; that definition is not shown in the original.
            limit_req zone=gw6lapp burst=100 nodelay;
            proxy_next_upstream http_500 http_502 http_503 error timeout invalid_header;
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-Proto https;
            # The original set X-Forwarded-For twice, which sends two headers
            # to the backend. Keep one. $remote_addr discards any value the
            # client supplied; $proxy_add_x_forwarded_for appends to it.
            # proxy_set_header X-Forwarded-For $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_headers_hash_max_size 51200;
            proxy_headers_hash_bucket_size 6400;
        }
    }

    server {
        listen 80;
        server_name www.xxx.com;
        rewrite ^(.*) https://$server_name$1 permanent;
    }
}

That is the whole configuration file. Requests to http://www.xxx.com are automatically redirected to https://www.xxx.com.

This uses nginx's rewrite directive; the permanent flag makes it a permanent (301) redirect.
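The configuration's two X-Forwarded-For values, $remote_addr and $proxy_add_x_forwarded_for, give the backend different things to trust. The following Python code is an added example, not part of the original article: it models the header nginx sends upstream for each value and how a backend can derive the client address from it. The proxy address 172.16.88.10, the sample client addresses and all function names are assumptions made for the illustration.

```python
import ipaddress

# Assumption: nginx is the only proxy in front of the backend. Its address is a
# constructed placeholder; the article does not give the proxy's own IP.
TRUSTED_PROXIES = [ipaddress.ip_network("172.16.88.10/32")]

def nginx_xff(value, remote_addr, client_xff=None):
    """X-Forwarded-For that nginx sends upstream for each value in the config."""
    if value == "$remote_addr":
        return remote_addr  # whatever the client sent is discarded
    if value == "$proxy_add_x_forwarded_for":
        # the client's own header is kept and the connection address appended
        return f"{client_xff}, {remote_addr}" if client_xff else remote_addr
    raise ValueError(f"unsupported value: {value}")

def is_trusted(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in TRUSTED_PROXIES)

def naive_client_ip(xff):
    """Common mistake: the leftmost entry is whatever the client chose to send."""
    return xff.split(",")[0].strip()

def client_ip(peer_addr, xff):
    """Walk the chain right to left and return the first hop that is not our proxy."""
    if not is_trusted(peer_addr):
        return peer_addr  # did not arrive via nginx, so the header means nothing
    for hop in reversed([h.strip() for h in (xff or "").split(",") if h.strip()]):
        try:
            if not is_trusted(hop):
                return hop
        except ValueError:
            break  # malformed entry: nothing at or left of it is reliable
    return peer_addr

if __name__ == "__main__":
    # Constructed request: client 203.0.113.7 sends its own "X-Forwarded-For: 10.0.0.1"
    for value in ("$remote_addr", "$proxy_add_x_forwarded_for"):
        header = nginx_xff(value, "203.0.113.7", "10.0.0.1")
        print(f"{value:28} -> {header!r:26} naive={naive_client_ip(header)} "
              f"checked={client_ip('172.16.88.10', header)}")
```

With $proxy_add_x_forwarded_for, access controls, rate limits and logs on the backend should use the address nginx appended, not the leftmost entry.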

Note:

When I was working on it, I had not opened port 443. I worked on it for a few hours and accidentally found that the port was not open. Pay attention to the details: the firewall must open the port.

These are my notes; corrections are welcome.
