Nginx + Xamp + SSL奇怪行为

Question

如果以前提出这件事，我很抱歉，但我已经尝试了所有事情，现在我很难过。

我设置了XAMPP，然后是Nginx。我还设置Apache使用SSL。我设置Nginx也使用SSL。我试图建立一个反向代理，现在事情变得古怪了。我可以转到https://rocco.tk/dashboard/index.html，这表明nginx正在工作，并使用SSL在443上使用nginx从端口8080在端口80上提供我的页面。

但是如果你点击phpinfo，它会下载页面。但这是事情....如果你去http://rocco.tk/dashboard/phpinfo.php它工作正常。如果您使用端口8080并仅使用apache SSL，则会出现SSL错误。所以我只能假设有关于https和php的设置不正确。那个设置我开始在apache下跟踪Xampp然后迷路了。

我的整个尝试是使用nginx在apache上设置反向代理，这样我就可以使用nginx作为SSL的前端，并允许apache在该SSL上处理php。

下面是我的nginx配置文件...

＆＃13;

＆＃13;

#user  nobody;
worker_processes  1;

error_log  logs/error.log;
error_log  logs/error.log  notice;
error_log  logs/error.log  info;

pid        logs/nginx.pid;


events {
    worker_connections  1024;
}


http {
    include       mime.types;
    default_type  application/octet-stream;

    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
    #                  '$status $body_bytes_sent "$http_referer" '
    #                  '"$http_user_agent" "$http_x_forwarded_for"';

    #access_log  logs/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    #keepalive_timeout  0;
    keepalive_timeout  65;

    gzip  off;

server {
        listen       80;
        server_name  rocco.tk;
 
        location ~* ^.+\.(jpg|jpeg|gif|png|ico|css|zip|tgz|gz|rar|bz2|pdf|txt|tar|wav|bmp|rtf|js|flv|swf|html|htm)$
        {
            #root   html;
            root   C:/xampp/htdocs;
			index  index.html index.htm index.php;
            expires max;
        }
        #set default location
        location / {
            proxy_pass         http://127.0.0.1:8080;
        }
        #Adding location for phpmyadmin
        location /phpmyadmin {
            proxy_pass         http://127.0.0.1:8080/phpmyadmin;
            allow 127.0.0.1;
            deny all;
        }
	
        #error_page  404              /404.html;

        # redirect server error pages to the static page /50x.html
        #
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }

        # proxy the PHP scripts to Apache listening on 127.0.0.1:8080
        #
        location ~ \.php$ {

        proxy_set_header X-Real-IP  $remote_addr;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header Host $host;
        proxy_pass https://127.0.0.1:8081;
        proxy_cache my-cache;
        proxy_cache_valid  200 302  60m;
        proxy_cache_valid  404      1m;
         }

        # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
        #
        #location ~ \.php$ {
        #    root           html;
        #    fastcgi_pass   127.0.0.1:9000;
        #    fastcgi_index  index.php;
        #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
        #    include        fastcgi_params;
        #}

        # deny access to .htaccess files, if Apache's document root
        # concurs with nginx's one
        #
       #  location ~ /\.ht {
       #     deny  all;
       #  }
    }


    # another virtual host using mix of IP-, name-, and port-based configuration
    #
    #server {
    #    listen       8000;
    #    listen       somename:8080;
    #    server_name  somename  alias  another.alias;

    #    location / {
    #        root   html;
    #        index  index.html index.htm;
    #    }
    #}


    # HTTPS server
    #
    server {
        listen       443 ssl;
        server_name  rocco.tk;

		ssl  on;
        ssl_certificate      C:\xampp\cert.crt;
        ssl_certificate_key  C:\xampp\cert.key;

        ssl_session_cache    shared:SSL:1m;
        ssl_session_timeout  5m;
        ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers  ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+EXP;
        ssl_prefer_server_ciphers  on;

        location / {
        try_files $uri $uri/ /index.php;
        }
    }

}

＆＃13;

＆＃13;

＆＃13;

这是我的httpd-ssl.conf

＆＃13;

＆＃13;

Listen 8081

SSLCipherSuite HIGH:MEDIUM:!MD5:!RC4
SSLProxyCipherSuite HIGH:MEDIUM:!MD5:!RC4

SSLHonorCipherOrder on 
SSLProtocol all -SSLv3
SSLProxyProtocol all -SSLv3
SSLPassPhraseDialog  builtin
SSLSessionCache "shmcb:C:/xampp/apache/logs/ssl_scache(512000)"
SSLSessionCacheTimeout  300


<VirtualHost 127.0.0.1:8081>

DocumentRoot "C:/xampp/htdocs"
ServerName rocco.tk:8081
ServerAdmin rocco.paul@gmail.com
ErrorLog "C:/xampp/apache/logs/error.log"
TransferLog "C:/xampp/apache/logs/access.log"

SSLEngine on

SSLCertificateFile "conf/ssl.crt/server.crt"

SSLCertificateKeyFile "conf/ssl.key/server.key"

BrowserMatch "MSIE [2-5]" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0


CustomLog "C:/xampp/apache/logs/ssl_request.log" \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

</VirtualHost>                                  

＆＃13;

＆＃13;

＆＃13;

所以我有apache听8080. SSL监听8081.我有Nginx监听80和SSL监听443.

希望有人可以指出我正确的方向。谢谢！

Answer 1

这是Nginx的ssl.conf

HTTPS服务器

server {
    listen       443;
    server_name Ip_addr;

    ssl on;
    ssl_certificate     /etc/nginx/ssl/example.com.crt;
    ssl_certificate_key /etc/nginx/ssl/cert-bundle.key;

 location ~ \.php$ {
        try_files $uri =404;
        fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }

}

确保您已将文件 .crt 和 .key 文件放在 / etc / nginx / ssl /

中

还运行以下命令重新启动nginx服务

sudo /etc/init.d/nginx restart