Nginx 加上 SSL 設定 (reverse proxy mode)

如果已經用 nginx 架好 reverse proxy (架設方式: http://snippetinfo.net/media/671/)

然後要加上 SSL 的話，比較簡單的方法是設定好之後，放在 /etc/nginx/conf.d 下面

這樣一來，一個站一個 SSL，就可以很清楚不會混淆了!

設定方式如下:

先在 /etc/nginx/conf/nginx.conf 加上

upstream ssl_backend {
        server w.x.y.z:4443;
}

ssl_session_cache   shared:SSL:10m;
ssl_session_timeout 10m;

然後在 /etc/nginx/conf.d/ 下面丟一個你自己網域的 conf 檔，設定好後重啟 nginx 即可! (e.g: snippetinfo.net.conf)

server {
    listen              443 ssl;

    # if you wanna to enable HTTP/2 (need nginx 1.9.5+)
    #listen              443 ssl http2;
    #listen              [::]:443 ssl http2;


    server_name         *.snippetinfo.net;
    ssl_certificate     /etc/httpd/conf/ssl/snippetinfo.net.crt;
    ssl_certificate_key /etc/httpd/conf/ssl/snippetinfo.net.key;
    ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers         HIGH:!aNULL:!MD5;
    location / {
        add_header X-Proxy-Cache    $upstream_cache_status;
        proxy_pass                  https://ssl_backend;
        proxy_set_header            Host $host;
        proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;

        proxy_cache_key             "$scheme$host$request_uri";
        proxy_cache                 STATIC;
        proxy_cache_valid           200  7d;
        proxy_cache_bypass  $http_cache_control;
        proxy_cache_use_stale       error timeout invalid_header updating
                                    http_500 http_502 http_503 http_504;

    }
    
}

圖片引用網址: https://cheapsslsecurity.com/blog/install-ssl-certificate-nginx-http-server/

Facebook 討論區載入中...

註解