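Redirecting a reverse proxy to SSL depending on the source of the request

Time: 2014-08-30 15:21:55

Tags: redirect ssl nginx reverse-proxy

I have an NGINX server bound to port 443 that provides authentication and reverse-proxies all SSL requests to a bunch of backend servers. Another server listens on port 80, but for now it only leads to a placeholder page. How can I get NGINX to redirect all external requests to the SSL-protected site, while redirecting all intranet requests to the same sites without SSL? Here is the relevant part of my nginx.conf: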

server {
    listen       80;
    server_name  intranet;
    allow 10.10.0.0/16;
    #charset koi8-r;
    access_log  logs/host.access.log  main;

    #######################################
    #
    # locations on LOCALHOST
    #
    #######################################

    location / {
        allow   all;
        root   /data/www;
        index  index.html index.htm;
    }
}
##############
# HTTPS server
##############

server {
    listen       443 ssl;
    server_name  localhost;

    ssl_certificate      /srv/ssl/ExternalSite.com.combined.crt;
    ssl_certificate_key  /srv/ssl/ExternalSite.key;

    ssl_session_cache    shared:SSL:1m;
    ssl_session_timeout  5m;

    ssl_ciphers  HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers  on;


    #######################################
    #
    # Reverse proxy blocks
    #
    #######################################         


    #General ExternalSite web site
    location / {
        auth_basic "Please enter userid and password to enter the ExternalSite web site";
        auth_basic_user_file /var/www/www.ExternalSite.com/.htpasswd;
        proxy_buffers 16 4k;
        proxy_buffer_size 2k;
        proxy_buffering off;   
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Accept-Encoding "";
        proxy_pass http://10.10.10.16:2080;
        }       

    #nagios server 
    location  /nagios  {
        auth_basic "Please enter userid and password to enter the ExternalSite nagios web site";
        auth_basic_user_file /var/www/www.ExternalSite.com/.htpasswd;
        proxy_set_header Authorization $http_authorization;
        proxy_buffers 16 4k;
        proxy_buffer_size 2k;
        proxy_buffering off;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Accept-Encoding "";
        proxy_pass http://10.10.10.18/nagios;
        }       

    # # munin server
    location  /munin  {
        auth_basic "Please enter userid and password to enter the ExternalSite munin web site";
        auth_basic_user_file /var/www/www.ExternalSite.com/.htpasswd;
        proxy_set_header Authorization $http_authorization;
        proxy_buffers 16 4k;
        proxy_buffer_size 2k;
        proxy_buffering off;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Accept-Encoding "";
        proxy_pass http://10.10.10.18/munin;
        }       
    #######################################
    #
    # End of Reverse proxy blocks
    #
    #######################################         
    }

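1 answer:

Answer 0 (score: 1)

To split intranet and external requests, create another server section and modify the listen directive to include the corresponding interface. That is, if your intranet interface is 10.10.10.1 and the public IP is 54.200.200.200, then for the intranet you would use: listen 10.10.10.1:80

For external requests: listen 54.200.200.200:80

Then, to redirect to SSL, use the nginx return statement pointing to the same server but with https.

Update: example Nginx configuration schema (per the comments):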

#######################################
#
# Intranet server
#
#######################################         
server {
    listen       10.10.10.1:80 default_server;
    server_name  intranet;
    allow 10.10.0.0/16;
    deny all;
    # server configuration with all locations, proxy_passes, etc.
}

#######################################
#
# Internet server, redirecting to ssl
#
#######################################         
server {
    listen       80;
    server_name  www.yourdomain.com;

    location / {
      return https://www.yourdomain.com$request_uri;
    }
}
##############
# HTTPS server
##############

server {
    listen       443 ssl;
    server_name  www.yourdomain.com;
    # server configuration with all locations, proxy_passes, etc.
}
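
An added example, not part of the question or the answer above: the same split done by client address on a single port-80 listener with nginx's `geo` module, for a proxy that does not have separate intranet and public interfaces to bind to. It assumes the question's intranet range 10.10.0.0/16 and backend addresses, uses the answer's placeholder name www.yourdomain.com, and introduces the variable name `$needs_ssl`; the HTTPS server block stays as it is.

```nginx
# Added example; place inside the http { } context of nginx.conf.
# www.yourdomain.com is the placeholder name from the answer.

# Classify the TCP peer address. $remote_addr is the address nginx itself
# sees, so a NAT device or another proxy in front of nginx that rewrites
# the source address puts every client into the same class.
geo $needs_ssl {
    default        1;   # anything not listed is treated as external
    10.10.0.0/16   0;   # intranet range from the question
}

server {
    listen       80;
    server_name  www.yourdomain.com intranet;

    # External clients never reach the proxied locations over plain HTTP.
    # The redirect target is a fixed name rather than $host, so a forged
    # Host header cannot steer the redirect to another site.
    if ($needs_ssl) {
        return 301 https://www.yourdomain.com$request_uri;
    }

    # Intranet clients get the same backends without SSL.
    # Add auth_basic here only if credentials in clear text on the
    # intranet are acceptable; over HTTP they are not encrypted.
    location / {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_pass http://10.10.10.16:2080;
    }

    location /nagios {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_pass http://10.10.10.18/nagios;
    }

    location /munin {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_pass http://10.10.10.18/munin;
    }
}
```

After `nginx -t` and a reload, a request from outside 10.10.0.0/16 should receive a 301 with a `Location: https://www.yourdomain.com/...` header, while an intranet request is proxied directly.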