Reverse proxying an HTTPS site with nginx

The origin site being proxied has SSL enabled and forces HTTPS. The environment used for this configuration is 军哥's lnmp1.5.

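The configuration template is below. First add the virtual host with lnmp vhost add, which also sets up a free Let's Encrypt SSL certificate automatically. The origin site is www.a.com and the reverse-proxy site is www.b.com.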

server
    {
        listen 443 ssl http2;
        #listen [::]:443 ssl http2;
        server_name www.b.com;

        # "ssl on;" removed: it is deprecated and redundant with "listen ... ssl" above
        ssl_certificate /usr/local/nginx/conf/ssl/www.b.com/fullchain.cer;
        ssl_certificate_key /usr/local/nginx/conf/ssl/www.b.com/www.b.com.key;
        ssl_session_timeout 5m;
        # TLSv1 and TLSv1.1 are formally deprecated (RFC 8996) and the 3DES suites
        # below are legacy; keep them only if old clients must still connect
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers on;
        ssl_ciphers "EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5";
        ssl_session_cache builtin:1000 shared:SSL:10m;
        # openssl dhparam -out /usr/local/nginx/conf/ssl/dhparam.pem 2048
        ssl_dhparam /usr/local/nginx/conf/ssl/dhparam.pem;

        location / {
            proxy_pass         https://www.a.com;
            # 源站IP地址 is the author's placeholder: put the origin site's IP address here
            proxy_set_header   X-Real-IP 源站IP地址;
            proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header   Referer https://www.a.com;
            proxy_set_header   REMOTE-HOST $remote_addr;
            add_header         X-Cache $upstream_cache_status;
            # Request uncompressed responses so sub_filter can rewrite the body
            proxy_set_header   Accept-Encoding "";
            # Rewrite the origin hostname in responses (text/html only unless
            # sub_filter_types is set); the duplicate sub_filter line was dropped
            sub_filter "www.a.com" "www.b.com";
            sub_filter_once off;
            expires 12h;
        }

        access_log  /root/log/www.b.com.log;
    }

server
    {
        listen 80;
        server_name www.b.com;
        return 301 https://www.b.com$request_uri;
    }
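
With proxy_pass pointing at an https:// origin as above, nginx by default neither sends SNI to the origin nor verifies its certificate, so the hop from www.b.com to www.a.com is encrypted but unauthenticated. The fragment below is an added example, not part of the original post, showing the upstream TLS directives that close that gap; the CA bundle path is an assumption and depends on the distribution.

```nginx
location / {
    proxy_pass https://www.a.com;

    # Send SNI so an origin serving several sites presents the www.a.com certificate
    # (proxy_ssl_server_name is off by default)
    proxy_ssl_server_name on;
    # Name used for SNI and for the certificate hostname check;
    # defaults to the host in proxy_pass, written out here for clarity
    proxy_ssl_name www.a.com;

    # Verify the origin's certificate chain and hostname (off by default)
    proxy_ssl_verify on;
    # Allow one intermediate CA between the origin certificate and the root
    proxy_ssl_verify_depth 2;
    # Assumption: Debian/Ubuntu system CA bundle; on CentOS it is
    # typically /etc/pki/tls/certs/ca-bundle.crt
    proxy_ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt;

    # Only negotiate TLS 1.2 with the origin instead of the legacy defaults
    proxy_ssl_protocols TLSv1.2;

    # The proxy_set_header, sub_filter and expires lines from the
    # configuration above stay as they are and follow here
    proxy_set_header Accept-Encoding "";
    sub_filter "www.a.com" "www.b.com";
    sub_filter_once off;
}
```

Check the result with nginx -t before reloading. If verification of the origin fails, nginx answers 502 and the error log shows an "upstream SSL certificate verify error" entry.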

 

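This method does not work for reverse proxying Google. Proxying Google is more troublesome, mainly because a CAPTCHA shows up. This depends on the VPS IP: Google has probably blocked certain IP ranges, mistaking them for bots.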
