nginx反向代理适用于局域网内部https访问域名。
1.域名申请证书
1.1 下载openssl。
1.2 openss安装路径下bin目录下启动cmd;
1.2.1 openssl version #查看是否安装openssl成功
1.2.2 openssl genrsa -des3 -out server.key 2048 #在bin目录下生成server.key文件。输入密码默认输入123456。
1.2.3 openssl req -new -x509 -key server.key -out ca.crt -days 3650 #在bin目录下生成ca.crt文件,其中Commmon Name项输入需要代理的域名名称。
1.2.4 openssl rsa -in server.key -out server.key #去掉server.key中的密码,以防每次启动nginx需要输入密码。
2.nginx相关安装设置。
2.1 下载nginx。
2.2 将上面得到的ca.crt以及server.key拷贝到nginx安装目录的conf目录下。
2.3 修改conf目录下nginx.conf文件
#user nobody;
worker_processes 2;
#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
#pid logs/nginx.pid;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 165;
#gzip on;
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
upstream websocket{
server 192.168.11.103:443; #需要代理的端口,尽量选择443.
keepalive 1000;
}
server {
listen 8489 ssl;#https监听端口
server_name test.com;#代理的域名
# 自己的证书,放在与ssl.conf同一文件夹下。(若放不同文件夹注意路径问题)
ssl_certificate ca.crt;
ssl_certificate_key server.key;
ssl_session_timeout 5m;
ssl_session_cache shared:SSL:10m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 SSLv2 SSLv3;
ssl_prefer_server_ciphers on;
ssl_verify_client off;
location /wss {
proxy_redirect off;
proxy_pass http://websocket/;#代理映射端口,具体映射地址见server上面。
proxy_set_header Host $host;
proxy_set_header X-Real_IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr:$remote_port;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade; # 升级协议头 websocket
proxy_set_header Connection upgrade;
}
}
server {
listen 8008;
server_name test.nginx.com;
location / {
proxy_pass http://192.168.11.103:4789/;
}
location /buy {
proxy_pass http://192.168.11.103:5789/;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
server {
if ($host = test.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
server_name test.com;
return 404; # managed by Certbot
}
}
2.4 nginx.exe目录启动cmd,运行指令:
nginx -t #检查配置文件格式。
nginx: the configuration file E:\WebRtc\NGINX\nginx-1.24.0/conf/nginx.conf syntax is ok
nginx: configuration file E:\WebRtc\NGINX\nginx-1.24.0/conf/nginx.conf test is successful
出现类似信息则表示格式校验通过
start nginx #启动nginx
nginx -s reload #重启nginx
总结:以上步骤设置完成后,访问https://test.com等同于访问https://192.168.11.103:443.(此操作为后续wss局域网内跨设备访问做铺垫)