我是 nginx 的新手。我在 Linode 的 Ubuntu 16.04 服务器上安装了 Nginx + Varnish + Hitch + Let's Encrypt 进行测试。我按照 Varnish 博客中的说明进行操作,已经能够通过 https:// 连接。
https://info.varnish-software.com/blog/five-steps-to-secure-varnish-with-hitch-and-lets-encrypt
问题是,我不知道如何配置 Nginx 的 SSL。HTTPS 和 HTTP 都能正常访问,但 HTTP 请求不会默认重定向到 HTTPS。
我尝试了此链接中给出的所有 nginx 设置,但都不起作用:https://vincent.composieux.fr/article/install-configure-and-automatically-renew-let-s-encrypt-ssl-certificate
让我知道如何配置。
以下是Nginx文件。
server {
    # Default virtual host for plain HTTP on IPv4 and IPv6. No TLS listener is
    # active in this block.
    listen 80 default_server;
    listen [::]:80 default_server;

    # NOTE(review): the question places Hitch and Varnish in front of nginx, so
    # requests presumably reach this block as plain HTTP whether or not the
    # visitor used https://. An unconditional redirect to https written here
    # would then also hit requests that already came through the TLS layer and
    # loop. The redirect has to be decided where the original scheme is still
    # known: in Varnish, or here from a forwarded-scheme header that the proxy
    # layer sets and overwrites itself -- confirm which header, if any, is passed.
    #
    # Stock TLS listeners, left disabled:
    # listen 443 ssl default_server;
    # listen [::]:443 ssl default_server;
    #
    # If TLS is ever terminated here: disable gzip for TLS traffic
    # (https://bugs.debian.org/773332), review ssl_ciphers
    # (https://bugs.debian.org/765782), and never use the self-signed
    # certificate from the ssl-cert package on a production server.
    #
    # include snippets/snakeoil.conf;

    server_name example.com www.example.com;
    root /var/www/example.com/html/wordpress;

    # index.php is tried first, then the static index files.
    index index.php index.html index.htm index.nginx-debian.html;

    location / {
        # Serve a matching file, then a matching directory, otherwise answer 404.
        try_files $uri $uri/ =404;
    }

    location ~ \.php$ {
        # Hand requests ending in .php to PHP-FPM over its local Unix socket.
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/run/php/php7.0-fpm.sock;
        #fastcgi_index index.php;
        # include fastcgi_params;
    }

    location ~ /\.ht {
        # Refuse any URI containing "/.ht" (for example .htaccess, .htpasswd).
        deny all;
    }

    # Unused stock alternative: PHP through a FastCGI server on 127.0.0.1:9000.
    #
    #location ~ \.php$ {
    #    include snippets/fastcgi-php.conf;
    #
    #    # With php7.0-cgi alone:
    #    fastcgi_pass 127.0.0.1:9000;
    #    # With php7.0-fpm:
    #    fastcgi_pass unix:/run/php/php7.0-fpm.sock;
    #}

    # Unused stock copy of the .htaccess rule (an active one is defined above).
    #
    #location ~ /\.ht {
    #    deny all;
    #}
}
# Virtual Host configuration for example.com
#
# You can move that to a different file under sites-available/ and symlink that
# to sites-enabled/ to enable it.
#
#server {
# listen 80;
# listen [::]:80;
#
# server_name example.com;
#
# root /var/www/example.com;
# index index.html;
#
# location / {
# try_files $uri $uri/ =404;
# }
#}
答案 0 :(得分:0)
我建议你使用 HAProxy,设置非常简单。我目前的架构是:
:443 HAProxy(SSL)-> :8080 Varnish -> :9080 JBoss 应用程序
这是我的haproxy配置:
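global
    # Process-wide settings: logging, privilege drop, chroot and TLS defaults.
    #
    # `debug` is deliberately not set. It dumps every exchange (including
    # cookies and Authorization headers) to stdout and prevents the process
    # from going to the background, which contradicts `daemon` below. Use the
    # -d command-line switch for a one-off troubleshooting run instead.
    log 127.0.0.1 local0
    chroot /var/lib/haproxy
    pidfile /var/run/haproxy.pid
    maxconn 40
    user haproxy
    group haproxy
    daemon
    stats socket /var/lib/haproxy/stats

    # RC4 is excluded: it is prohibited for TLS (RFC 7465).
    # NOTE(review): kRSA+AES still permits static-RSA key exchange, which has no
    # forward secrecy; drop it if every client can negotiate ECDHE.
    ssl-default-bind-ciphers kEECDH+aRSA+AES:kRSA+AES:+AES256:!RC4:!kEDH:!LOW:!EXP:!MD5:!aNULL:!eNULL

    # SSLv3, TLS 1.0 and TLS 1.1 are all refused (TLS 1.0/1.1 are deprecated by
    # RFC 8996). Remove no-tlsv10/no-tlsv11 only if legacy clients must connect.
    ssl-default-bind-options no-sslv3 no-tlsv10 no-tlsv11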
defaults
    # Settings inherited by the listen/frontend/backend sections that follow:
    # HTTP-mode proxying, HTTP-format logs sent to the targets from `global`.
    mode http
    log global
    option httplog
    # Skip log entries for connections on which no data was exchanged.
    option dontlognull
    retries 3

    # NOTE(review): `timeout http-request` bounds how long a client may take to
    # send a complete request. With `maxconn 40` in `global`, a full minute lets
    # a handful of slow or idle clients occupy every connection slot; a value of
    # a few seconds is the usual choice.
    timeout http-request 1m
    timeout queue 1m
    timeout connect 30s
    timeout client 2m
    timeout server 1m
    timeout http-keep-alive 30s
    timeout check 30s
listen stats
    # Built-in statistics page, served at "/" on port 1936.
    #
    # NOTE(review): this listener is bound to every interface and speaks plain
    # HTTP, so the Basic-auth credentials below travel unencrypted. Binding to
    # 127.0.0.1 (reached over an SSH tunnel) or adding `ssl crt <pem-file>` to
    # the bind line keeps them off the wire.
    bind *:1936
    stats enable
    stats uri /
    stats realm Haproxy\ Statistics
    # Do not disclose the HAProxy version on the page.
    stats hide-version
    # `PASS` is presumably a placeholder; use a long random secret and keep the
    # real configuration file unreadable to non-root users.
    stats auth haproxy:PASS
frontend main
    # Public entry point: plain HTTP on 80, TLS on 443.
    # The PEM file passed to `crt` holds the certificate together with its
    # private key; keep it readable by root only.
    bind 0.0.0.0:80
    bind 0.0.0.0:443 ssl crt /etc/haproxy/<HOSTNAME>.pem

    # Overwrite the client's Host header with the canonical name, so nothing
    # downstream acts on a client-chosen host value.
    http-request set-header Host <HOSTNAME>

    # Send every request that did not arrive over TLS to the https:// URL
    # (no code is given, so HAProxy's default redirect code, 302, is used).
    # NOTE(review): the redirect only helps visitors who follow it; a
    # Strict-Transport-Security response header would stop returning browsers
    # from making the plaintext request at all.
    redirect scheme https unless { ssl_fc }

    # NOTE(review): Host is overwritten above, so is_domain presumably matches
    # every request and only is_root decides this redirect -- confirm.
    acl is_domain hdr(host) -i <HOSTNAME>
    acl is_root path -i /
    redirect code 301 location https://<HOSTNAME>/<APP> if is_domain is_root

    default_backend app
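backend app
    # Forwards requests to the single local server on 127.0.0.1:8080 and tells
    # it, through X-Forwarded-* headers, who the client was and how it connected.
    mode http
    balance roundrobin

    # The X-Forwarded-* headers are overwritten, never merged. The earlier form
    # prepended the peer address to whatever X-Forwarded-For the client had sent
    # (and `option forwardfor` added it once more), so client-supplied entries
    # reached the backend and could mislead any logging, rate limiting or access
    # rule that reads the header. `set-header` discards the client's copy.
    # NOTE(review): this assumes HAProxy is the first hop, as the 0.0.0.0 binds
    # in `frontend main` suggest. If a trusted proxy or CDN sits in front, keep
    # its header only for connections coming from its addresses.
    http-request set-header X-Forwarded-For %[src]
    http-request set-header X-Forwarded-Port %[dst_port]

    # Always state the scheme HAProxy itself observed; `add-header` would leave
    # a client-sent X-Forwarded-Proto in place next to the genuine one.
    http-request set-header X-Forwarded-Proto https if { ssl_fc }
    http-request set-header X-Forwarded-Proto http if !{ ssl_fc }

    # Health check every 10s; 2 failures mark the server down, 1 success up.
    default-server inter 10s fall 2 rise 1
    server var 127.0.0.1:8080 check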