通过 NGINX 作为代理服务器绕过 https
Bypass https by NGINX as proxy server
我使用 nginx 作为常规代理服务器。但是,它只适用于 http 而不是 https。它 returns https 的错误页面 requests.Is 有没有办法配置 NGINX 使其绕过 https?
worker_processes auto;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
server {
resolver 114.114.114.114;
listen 8228;
server_name localhost;
location / {
proxy_pass $scheme://$http_host$request_uri;
proxy_set_header Host $http_host;
proxy_buffers 256 4k;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
您必须使用 https 相关设置添加新的 server 位置,这可能会完成工作:
server {
resolver 114.114.114.114;
// note the port is changed, you can't serve HTTP and HTTPS on same port
listen 8229 ssl;
// here you must place valid certificates (may be self-singed)
// startssl example:
// # (cat example.com.pem & wget -O - https://www.startssl.com/certs/class1/sha2/pem/sub.class1.server.sha2.ca.pem) | tee -a /etc/nginx/ssl/domain.pem > /dev/null
ssl_certificate /etc/nginx/domain.pem;
// private key decoded, example
// # openssl rsa -in decoded.key -out domain.key
ssl_certificate_key /etc/nginx/domain.key;
server_name localhost;
location / {
proxy_pass $scheme://$http_host$request_uri;
proxy_set_header Host $http_host;
proxy_buffers 256 4k;
}
为了足够的安全性,您必须在生产中使用 HTTPS 配置的许多可选参数,我已经描述过 really good security configuration on github gist by link, also official documentation on ssl module 是一个很好的起点。
我使用 nginx 作为常规代理服务器。但是,它只适用于 http 而不是 https。它 returns https 的错误页面 requests.Is 有没有办法配置 NGINX 使其绕过 https?
worker_processes auto;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
server {
resolver 114.114.114.114;
listen 8228;
server_name localhost;
location / {
proxy_pass $scheme://$http_host$request_uri;
proxy_set_header Host $http_host;
proxy_buffers 256 4k;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
您必须使用 https 相关设置添加新的 server 位置,这可能会完成工作:
server {
resolver 114.114.114.114;
// note the port is changed, you can't serve HTTP and HTTPS on same port
listen 8229 ssl;
// here you must place valid certificates (may be self-singed)
// startssl example:
// # (cat example.com.pem & wget -O - https://www.startssl.com/certs/class1/sha2/pem/sub.class1.server.sha2.ca.pem) | tee -a /etc/nginx/ssl/domain.pem > /dev/null
ssl_certificate /etc/nginx/domain.pem;
// private key decoded, example
// # openssl rsa -in decoded.key -out domain.key
ssl_certificate_key /etc/nginx/domain.key;
server_name localhost;
location / {
proxy_pass $scheme://$http_host$request_uri;
proxy_set_header Host $http_host;
proxy_buffers 256 4k;
}
为了足够的安全性,您必须在生产中使用 HTTPS 配置的许多可选参数,我已经描述过 really good security configuration on github gist by link, also official documentation on ssl module 是一个很好的起点。