nginx代理的web应用要求支持https访问?
可以将证书直接注册在nginx代理服务器上实现此功能。
配置文件:
customer.conf
upstream customer {
ip_hash;
server 10.1.11.60:80;
server 10.1.11.71:80;
}
server {
server_name xxx.com.cn;#公网域名
return 301 https://xxx.com.cn$request_uri; #访问http时自动转向到https
}
server {
listen 443 ssl;#监听443端口
server_name xxx.com.cn;
location / {
proxy_pass http://customer;
include /etc/nginx/proxy_params;
}
include /etc/nginx/ssl_params;#ssl证书注册信息
}
ssl_params:
ssl_certificate /var/cert/xxx.com.cn.crt;
ssl_certificate_key /var/cert/xxx.com.cn.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;