我使用nginx作为常规代理服务器。但是,它仅适用于http但不适用于https。它返回https请求的错误页面。有没有办法配置NGINX以绕过https?
worker_processes auto;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
server {
resolver 114.114.114.114;
listen 8228;
server_name localhost;
location / {
proxy_pass $scheme://$http_host$request_uri;
proxy_set_header Host $http_host;
proxy_buffers 256 4k;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
答案 0 :(得分:3)
您必须使用https相关设置添加新的server位置,这可能会完成以下任务:
server {
resolver 114.114.114.114;
// note the port is changed, you can't serve HTTP and HTTPS on same port
listen 8229 ssl;
// here you must place valid certificates (may be self-singed)
// startssl example:
// # (cat example.com.pem & wget -O - https://www.startssl.com/certs/class1/sha2/pem/sub.class1.server.sha2.ca.pem) | tee -a /etc/nginx/ssl/domain.pem > /dev/null
ssl_certificate /etc/nginx/domain.pem;
// private key decoded, example
// # openssl rsa -in decoded.key -out domain.key
ssl_certificate_key /etc/nginx/domain.key;
server_name localhost;
location / {
proxy_pass $scheme://$http_host$request_uri;
proxy_set_header Host $http_host;
proxy_buffers 256 4k;
}
为了足够的安全性,必须在生产中使用许多可配置的HTTPS配置参数,我已经通过链接在github gist上描述了really good security configuration,同样official documentation on ssl module是一个很好的起点。