nginx配置https转发

nginx转发https相关配置

1.安装nginx和所需的module

#安装编译依赖
yum install -y gcc gcc-c++  pcre pcre-devel zlib zlib-devel openssl openssl-devel
wget https://nginx.org/download/nginx-1.18.0.tar.gz
tar zxvf nginx-1.18.0.tar.gz
cd nginx-1.18.0
#添加https转发需要的module
./configure --prefix=/usr/local/nginx  --with-stream --with-stream_ssl_preread_module --with-stream_ssl_module
make && make install

2.配置

备份
cp /usr/local/nginx/conf/nginx.conf /usr/local/nginx/conf/nginx.conf-bak
修改config(走4层，如果走7层可能需要目标网站证书)
vi /usr/local/nginx/conf/nginx.conf

user  root;
worker_processes  auto;
error_log  logs/error.log;
pid        logs/nginx.pid;
worker_rlimit_core   2G;
worker_rlimit_nofile 65535;
events {
    worker_connections  81920;
}
stream {
    log_format  main  '$remote_addr - [$time_local] $connection '
                      '$status $proxy_protocol_addr $server_addr ';
    access_log  logs/access.log  main;
    resolver 114.114.114.114;
    resolver_timeout 60s;
    variables_hash_bucket_size 512;
    server {
        listen      443;
        ssl_preread on;
        proxy_pass $ssl_preread_server_name:443;

    }
}

验证配置：
/usr/local/nginx/sbin/nginx -t

启动
/usr/local/nginx/sbin/nginx

客户机配置
vim /etc/hosts

#添加本地映射
192.168.10.100	api.open.uc.cn

3.测试

curl -i https://api.open.uc.cn

参考：
https://www.dazhuanlan.com/2020/01/16/5e1febfd751bc/
https://www.cnblogs.com/mangoVic/p/12239044.html
https://www.cnblogs.com/mangoVic/p/8359864.html