配置Nginx返现代理并导入ssl证书
一、配置Nginx反向代理
1、修改Nginx配置文件
vim /usr/local/nginx/conf/nginx.conf
在第三十五行开始改写
server {
listen 80;
server_name 192.168.99.12;
ssl_dhparam /usr/local/nginx/conf/dhparams.pem;
在第44行添加如下配置
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_fo r;
proxy_pass https://mail.beyondbit.com:443;
proxy_connect_timeout 30;
proxy_send_timeout 60;
proxy_read_timeout 60;
proxy_buffering on;
proxy_buffer_size 32k;
proxy_buffers 4 128k;
proxy_busy_buffers_size 256k;
proxy_max_temp_file_size 256k;
2、导入ssl证书
在HTTP server模块导入ssl证书
108 server {
109 listen 443 ssl;
110 server_name 192.168.99.12;
111 root html;
112 index index.html index.htm;
113 ssl_certificate /etc/ssl/mail.beyondbit.com.crt;
114 ssl_certificate_key /etc/ssl/mail.beyondbit.com.key;
115 ssl_session_timeout 5m;
116 ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NU LL:!aNULL:!MD5:!ADH:!RC4;
117 ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
118 ssl_prefer_server_ciphers on;
119 location / {
120 proxy_pass https://mail.beyondbit.com:443;
121 }
122 }
3、wq保存退出,重启Nginx服务
systemctl restart nginx
配置完成输入本机ip就会自动跳转到需要代理的服务器页面