某些场景下会使用到https通过nginx反向代理http的服务的情况,配置如下:
upstream mobileapi {
server 10.1.10.13:80 weight=1 max_fails=1 fail_timeout=60s;
}
server {
server_name mobileapi.xx.com;
listen 443 ssl;
ssl on;
ssl_certificate /home/wwwroot/ssl.xx.com/xx.crt;
ssl_certificate_key /home/wwwroot/ssl.xx.com/xx.com.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers AESGCM:ALL:!DH:!EXPORT:!RC4:+HIGH:!MEDIUM:!LOW:!aNULL:!eNULL;
ssl_prefer_server_ciphers on;
location / {
proxy_next_upstream http_500 http_502 http_503 http_504 timeout error invalid_header;
proxy_pass http://mobileapi;
proxy_redirect http://mobileapi https://mobileapi;
proxy_set_header Host $host; # ??? $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
add_header Front-End-Https on;
}
}