nginx(ssl)代理apache(ssl)

nginx和apache是在同一台机子上

nginx配置:


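# Plain-HTTP listener: force every request for name.com over to
# https://name.com with a permanent (301) redirect.
server {
        listen 80;
        server_name name.com;

        # "return" with $request_uri keeps the original path and query string
        # and avoids running a regex on every request, unlike
        # "rewrite ^(.*)$ ... permanent".
        return 301 https://name.com$request_uri;
}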


# TLS session reuse (http context, applies to every TLS server block below):
# a 10 MB cache named "SSL" shared by all worker processes, with cached
# sessions kept for 10 minutes.
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;


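# TLS-terminating front end for name.com. Each request is re-encrypted and
# proxied to the Apache virtual host on 127.0.0.1:445.
server {
        # "listen ... ssl" already enables TLS on this socket, so the
        # deprecated "ssl on;" directive has been dropped.
        listen          443 ssl;
        server_name     name.com;

        access_log      logs/ssl-access.log;
        error_log       logs/ssl-error.log;

        # nginx sends browsers only what is inside the ssl_certificate file.
        # Intermediate CA certificates must be appended to /name.crt (server
        # certificate first); an incomplete chain is a common cause of errors
        # on mobile browsers.
        ssl_certificate      /name.crt;
        # Private key: keep it readable only by the account that starts nginx.
        ssl_certificate_key  /name.key;

        # NOTE(review): ssl_client_certificate names the CA used to verify
        # *client* certificates. It does not add /ca.crt to the chain sent to
        # browsers, and no ssl_verify_client is set in this block, so it is
        # not enforcing client authentication either. Confirm it is needed.
        ssl_client_certificate /ca.crt;

        keepalive_timeout    60;

        # SSLv2, SSLv3 and TLSv1 are obsolete and have known protocol-level
        # weaknesses, so only TLS 1.2 and 1.3 are offered.
        # TLSv1.3 needs nginx >= 1.13.0 built against OpenSSL 1.1.1 or later;
        # remove that token on older builds.
        ssl_protocols TLSv1.2 TLSv1.3;

        # The previous list started from ALL and explicitly re-enabled the
        # LOW, EXP (export-grade), RC4 and SSLv2 suites. Restrict to strong
        # suites and exclude anonymous key exchange and MD5.
        ssl_ciphers HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers on;

        # Once every resource on the site loads over HTTPS, consider sending
        # a Strict-Transport-Security header from this block as well.

        location / {
                # TLS to the local Apache instance. nginx does not verify the
                # upstream certificate unless proxy_ssl_verify is enabled;
                # that is tolerable only because the hop stays on loopback.
                proxy_pass  https://127.0.0.1:445;
                proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;

                proxy_set_header Host $host;

                # X-Real-IP is set by nginx from the TCP peer address.
                proxy_set_header X-Real-IP $remote_addr;

                # $proxy_add_x_forwarded_for appends to whatever
                # X-Forwarded-For value the client sent, so only the last
                # entry is trustworthy. The backend should not use earlier
                # entries for access control or audit logging.
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

                proxy_set_header X-Forwarded-Proto https;

                proxy_redirect     off;
        }
}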


apache配置:

# Backend TLS port that nginx proxies to. "Listen 445" binds every interface;
# if only the local nginx needs to reach Apache, "Listen 127.0.0.1:445" keeps
# the backend off the network.
Listen 445
# Name-based virtual hosting on port 445 (Apache 2.2 syntax).
NameVirtualHost *:445

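# TLS virtual host that serves name.com behind the nginx front end.
<VirtualHost *:445>
        DocumentRoot "/data"
        ServerName name.com:445
        ServerAlias www.name.com:445 ip:445 127.0.0.1:445

        SSLEngine on

        # "all -SSLv2" still left SSLv3 enabled; SSLv3 is obsolete and has
        # known protocol-level weaknesses, so it is disabled too. Where the
        # Apache/OpenSSL build supports TLSv1.2, also consider appending
        # "-TLSv1 -TLSv1.1".
        SSLProtocol all -SSLv2 -SSLv3

        # MEDIUM has been dropped so that only strong suites are offered,
        # matching the cipher policy on the nginx side.
        SSLCipherSuite HIGH:!aNULL:!MD5

        SSLCertificateFile "/name.crt"
        # Private key: keep it readable only by root.
        SSLCertificateKeyFile "/name.key"
        # Intermediate CA chain sent to clients along with the server
        # certificate. Newer Apache releases (2.4.8+) read the chain from
        # SSLCertificateFile instead.
        SSLCertificateChainFile "/ca.crt"

        <Directory "/test">
                # NOTE(review): access is granted purely on the Referer
                # header. Referer is supplied by the client and can be set to
                # any value, so this only deters casual hot-linking. It is
                # not authentication and should not protect sensitive files.
                SetEnvIfNoCase Referer "www.name.com/code.php\?user&q=code" getout
                Order allow,deny
                Allow from env=getout
        </Directory>

        # Access log piped through cronolog, one file per day (%m%d).
        # NOTE(review): the "combined2" format must be defined by a LogFormat
        # directive elsewhere; it is not shown in this snippet.
        CustomLog "|/usr/sbin/cronolog www.name.com-access.%m%d" combined2
</VirtualHost>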


在切换http到https注意的事项:

1、页面中引用的图片、js、css等资源不要使用http://开头的url链接(否则https页面会出现混合内容,浏览器会给出警告或直接拦截)

2、如果使用了第三方的接口,且接口之间用http链接交互,则需要接口方也支持https(或者对接口不做https处理)

3、如果是手机浏览器有问题可能是证书链有问题