';
sub_filter '
sub_filter '
' '
';
sub_filter_once off;
subs_filter '
sub_filter_once off;
subs_filter '
' '
' o;
proxy_pass http://aaa.com;
proxy_cache_key "$scheme://$host$request_uri";
proxy_cache cache_one;
proxy_cache_valid 200 304 10m;
proxy_cache_valid 301 1h;
proxy_cache_valid any 1m;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Referer http://aaa.com;
proxy_set_header Host $host;
proxy_set_header Accept-Encoding "";
}
}
}
{
See sample authentication script at:
http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
auth_http localhost/auth.php;
pop3_capabilities "TOP" "USER";
imap_capabilities "IMAP4rev1" "UIDPLUS";
{
listen localhost:110;
protocol pop3;
proxy on;
/>
{
listen localhost:143;
protocol imap;
proxy on;
/>#}
我服务器的代理,把 node 起的服务用 nginx 代理出去,你借鉴一下
server {
listen 443;
server_name xxx.xxx.cn;
ssl on;
ssl_certificate ca.crt;
ssl_certificate_key ca.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
ssl_prefer_server_ciphers on;
location / {
if ($request_method = 'OPTIONS') {
add_header Access-Control-Allow-Methods GET,PUT,DELETE,POST,OPTIONS;
add_header Access-Control-Allow-Origin *;
add_header Access-Control-Allow-Credentials true;
add_header Access-Control-Allow-Headers token,content-type;
return 204;
}
proxy_pass http://127.0.0.1:3000/;
add_header Access-Control-Allow-Origin *;
}
}
说下在用的思路,
https://bbb.com 回源到 http://aaa.com
http://aaa.com 判断非本地来路 IP 则跳转 https://bbb.com
不就开一个 TLS 的站,然后 proxy_pass http://
代理
```conf
可以用来做负载均衡,或者只需要一个后端 ip+端口
upstream backend-server {
server 192.168.0.99:443;
}
所有 http 请求,都跳转到 https
server {
listen 80;
server_name www.sample.org;
return 301 https://$host$request_uri;
}
https
server {
listen 443 ssl;
server_name www.sample.org;
ssl_certificate /etc/nginx/ssl/xxxxx.crt;
ssl_certificate_key /etc/nginx/ssl/xxxxxxxx.key;
location / {
proxy_redirect off;
proxy_set_header host $host;
proxy_set_header x-real-ip $remote_addr;
proxy_set_header x-forwarded-for $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
proxy_set_header X-Forwarded-Proto https;
proxy_ssl_certificate /etc/nginx/ssl/xxxxxxxxx.crt;
proxy_ssl_certificate_key /etc/nginx/ssl/xxxxxxxxx.key;
proxy_ssl_verify on;
proxy_ssl_verify_depth 2;
proxy_ssl_session_reuse on;
proxy_ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
proxy_ssl_ciphers HIGH:!aNULL:!MD5;
proxy_pass https://backend-server;
}
}
```
后端主机
```
server {
listen 443 ssl;
server_name www.sample.org;
ssl_certificate /etc/nginx/ssl/xxxxx.crt;
ssl_certificate_key /etc/nginx/ssl/xxxxxxxx.key;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
}
```
奇怪 markdown 格式没解析。。 你自己处理下缩进吧。
这个方案在我测试服务器上是 ok 的。
为什么不直接把 http://aaa.com rewrite https://bbb.com 呢
https://imququ.com
推荐一个博客,看这个应该就够了
谢谢,确实不复杂,小白不懂。
proxy_pass http://aaa.com;
proxy_cache_key "$scheme://$host$request_uri";
proxy_cache cache_one;
proxy_cache_valid 200 304 10m;
proxy_cache_valid 301 1h;
proxy_cache_valid any 1m;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Referer http://aaa.com;
proxy_set_header Host $host;
proxy_set_header Accept-Encoding "";
}
}
}
{
See sample authentication script at:
http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
auth_http localhost/auth.php;
pop3_capabilities "TOP" "USER";
imap_capabilities "IMAP4rev1" "UIDPLUS";
{
listen localhost:110;
protocol pop3;
proxy on;
/>
{
listen localhost:143;
protocol imap;
proxy on;
/>#}
我服务器的代理,把 node 起的服务用 nginx 代理出去,你借鉴一下
server {
listen 443;
server_name xxx.xxx.cn;
ssl on;
ssl_certificate ca.crt;
ssl_certificate_key ca.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
ssl_prefer_server_ciphers on;
location / {
if ($request_method = 'OPTIONS') {
add_header Access-Control-Allow-Methods GET,PUT,DELETE,POST,OPTIONS;
add_header Access-Control-Allow-Origin *;
add_header Access-Control-Allow-Credentials true;
add_header Access-Control-Allow-Headers token,content-type;
return 204;
}
proxy_pass http://127.0.0.1:3000/;
add_header Access-Control-Allow-Origin *;
}
}
说下在用的思路,
https://bbb.com 回源到 http://aaa.com
http://aaa.com 判断非本地来路 IP 则跳转 https://bbb.com
不就开一个 TLS 的站,然后 proxy_pass http://
代理
```conf
可以用来做负载均衡,或者只需要一个后端 ip+端口
upstream backend-server {
server 192.168.0.99:443;
}
所有 http 请求,都跳转到 https
server {
listen 80;
server_name www.sample.org;
return 301 https://$host$request_uri;
}
https
server {
listen 443 ssl;
server_name www.sample.org;
ssl_certificate /etc/nginx/ssl/xxxxx.crt;
ssl_certificate_key /etc/nginx/ssl/xxxxxxxx.key;
location / {
proxy_redirect off;
proxy_set_header host $host;
proxy_set_header x-real-ip $remote_addr;
proxy_set_header x-forwarded-for $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
proxy_set_header X-Forwarded-Proto https;
proxy_ssl_certificate /etc/nginx/ssl/xxxxxxxxx.crt;
proxy_ssl_certificate_key /etc/nginx/ssl/xxxxxxxxx.key;
proxy_ssl_verify on;
proxy_ssl_verify_depth 2;
proxy_ssl_session_reuse on;
proxy_ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
proxy_ssl_ciphers HIGH:!aNULL:!MD5;
proxy_pass https://backend-server;
}
}
```
后端主机
```
server {
listen 443 ssl;
server_name www.sample.org;
ssl_certificate /etc/nginx/ssl/xxxxx.crt;
ssl_certificate_key /etc/nginx/ssl/xxxxxxxx.key;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
}
```
奇怪 markdown 格式没解析。。 你自己处理下缩进吧。
这个方案在我测试服务器上是 ok 的。
为什么不直接把 http://aaa.com rewrite https://bbb.com 呢
https://imququ.com
推荐一个博客,看这个应该就够了
谢谢,确实不复杂,小白不懂。
数据地带为您的网站提供全球顶级IDC资源
-
7x24
全年不间断在线 -
100%
数据安全保障 -
0元
贴心用户服务 -
3分钟
极速响应 -
免备案
全球线路精选 -
VIP级
金牌用户服务
Copyright © 2008-2021 数据地带 版权所有 渝ICP备09005130号