centos 7 nginx 配置返向代理 域名转发

适应环境：只有一台公网ip，内网有两台物理服务器。并且需要通过域名来访问不同的物理服务器提供的https网站服务。

在nginx配置文件在conf.d目录下创建两个配置文件ssl.conf和ssl1.conf

ssl.conf内容如下：

server {
        listen 443;
        server_name a.aaaa.com;
        ssl on;
        ssl_certificate 1.crt;
        ssl_certificate_key 1.key;
        ssl_session_timeout 5m;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
        ssl_prefer_server_ciphers on;
        location / {
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header Host $http_host;
                proxy_set_header X-Forwarded-Proto https;
                proxy_redirect off;
                proxy_connect_timeout      240;
                proxy_send_timeout         240;
                proxy_read_timeout         240;
                proxy_pass https://192.168.1.66;
        }
}

ssl1.conf

server {
        listen 443;
        server_name b.aaaa.com;
        ssl on;
        ssl_certificate 1.crt;
        ssl_certificate_key 1.key;
        ssl_session_timeout 5m;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
        ssl_prefer_server_ciphers on;
        location / {
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header Host $http_host;
                proxy_set_header X-Forwarded-Proto https;
                proxy_redirect off;
                proxy_connect_timeout      240;
                proxy_send_timeout         240;
                proxy_read_timeout         240;
                proxy_pass https://192.168.1.152;
        }
}

访问日志配置

ssl.conf增加

proxy_set_header X-Real-IP $remote_addr; 

httpd 中配置

<VirtualHost _default_:443>
  SSLEngine on
  ServerName a.aaaa.com
  SSLCertificateFile "${SRVROOT}/conf/ssl/1.crt"
  SSLCertificateKeyFile "${SRVROOT}/conf/ssl/1.key"
 DocumentRoot "${WEBROOT}"
	CustomLog "${SRVROOT}/logs/yypd_ssl_request.log" \
         "%t %{X-Real-IP}i %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
	<Directory ${WEBROOT}>
		Options FollowSymLinks ExecCGI  
        	AllowOverride All
        	Require all granted 
	</Directory>
</virtualhost>

参考配置网址：https://www.zhangshengrong.com/p/4yNqQYOWNA/