如何使用HttpSubsModule更正Tumblr的Nginx反向代理

时间:2014-10-31 07:47:15

标签: nginx proxy

我正努力使用自己的域名使用SSL / https(https://example.com)创建我的网站,并在没有Tumblr网址的情况下显示我的Tumblr博客(example.tumblr.com)。

HttpSubsModule(由Weibin Yao提供)已添加到Nginx和/ etc / nginx / sites-available / reverse-proxy中,其中包含以下内容:

server
{
listen 443;
server_name example.com;




ssl on;
ssl_certificate /root/example_com.crt; 
ssl_certificate_key /root/example.key; 
ssl_protocols SSLv3 TLSv1;
ssl_ciphers ALL:-ADH:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP;


location / {
subs_filter_types text/html text/css text/xml;
subs_filter example.tumblr.com example.com g;
proxy_redirect http://example.tumblr.com/ /;
proxy_redirect off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host "example.tumblr.com";
proxy_set_header Accept-Encoding "";
proxy_pass http://example.tumblr.com;

}

}

server
{
listen 80;
server_name example.com;
rewrite ^(.*) https://example.com/$1 permanent;


}
发生了2个问题: ①加载https://example.com时检测到Chrome签名的混合内容, ②单击任何图像时找不到404。

知道我在这里做错了吗?非常感谢。

1 个答案:

答案 0 :(得分:0)

该网站能够与以下配置一起使用:

server  {
listen 443 ssl spdy;
server_name example.org;

ssl on;
ssl_certificate /etc/nginx/ssl/example_org.crt;
ssl_certificate_key /etc/nginx/ssl/example_org.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload;";

ssl_prefer_server_ciphers on;
ssl_dhparam /etc/nginx/ssl/certs/dhparam.pem;
ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4";
keepalive_timeout 70;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;

location / {
subs_filter_types text/css text/xml application/xhtml+xml application/xml;
subs_filter 'example.tumblr.com' 'example.org' g;
subs_filter 'http:' 'https:' g;

proxy_set_header Accept-Encoding "";
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host "example.tumblr.com";
proxy_pass         http://example.tumblr.com;
proxy_ssl_session_reuse on;

proxy_cache_key "$scheme://$host$request_uri";
proxy_cache cache_one;
proxy_cache_valid  200 304 3h;
proxy_cache_valid 301 1d;
proxy_cache_valid any 10s;
}

}

server  {
listen 80;
server_name example.org www.example.org;

location / {
return         301 https://$host$request_uri;
}
}

server {
listen       443;
server_name  www.example.org;
return       301 https://example.org$request_uri;
}


server {
listen       80;
server_name  178.60.000.00;
return       301 https://example.org$request_uri;
}

在这种情况下,请注意代码subs_filter 'http:' 'https:' g;,这是代理保留配置成功的关键代码。

相关问题
最新问题