Nginx是否需要多个SSL上游服务器使用多个“ proxy_ssl_certificate”和“ proxy_ssl_certificate_key”?

时间:2019-07-25 03:56:10

标签: nginx nginx-reverse-proxy nginx-config

nginx是否需要每个上游服务器(即backend1.example.com和backend2.example.com)都需要多个proxy_ssl_certificateproxy_ssl_certificate_key,它们都需要客户端证书认证? 

http {
    #...
    upstream backend.example.com {
        server backend1.example.com:443;
        server backend2.example.com:443;
   }

    server {
        listen      80;
        server_name www.example.com;
        #...

        location /upstream {
            proxy_pass                    https://backend.example.com;
            proxy_ssl_certificate         /etc/nginx/client.pem;
            proxy_ssl_certificate_key     /etc/nginx/client.key;
            proxy_ssl_protocols           TLSv1 TLSv1.1 TLSv1.2;
            proxy_ssl_ciphers             HIGH:!aNULL:!MD5;
            proxy_ssl_trusted_certificate /etc/nginx/trusted_ca_cert.crt;

            proxy_ssl_verify        on;
            proxy_ssl_verify_depth  2;
            proxy_ssl_session_reuse on;
        }
    }

0 个答案:

没有答案
相关问题
最新问题