背景:因内网环境不通外网,需使用通外网机器代理到原域名:
原域名:https://***.test.com
代理域名: https://***.test1.cn
nginx配置文件信息如下:
server {
server_name ***.test1.cn;
listen 443 ssl;
ssl_certificate_key /etc/nginx/ssl/*.key;
ssl_certificate /etc/nginx/ssl/*.crt;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5000m;
ssl_prefer_server_ciphers on;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
client_max_body_size 100m;
location / {
proxy_pass https://***.test.com;
proxy_http_version 1.1;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
重启nginx后,验证信息如下:代理后的域名报错403
解决方法:
修改此行:proxy_set_header Host $proxy_host;
重启nginx后再次验证 :