以前方一台服务器开放80和443端口,代理跳转到后方服务器,通过内网IP连接,无需暴露后方服务器IP及开放对外端口。
我用这个是在服务器上建了一个gitblit版本库和一个文件共享的服务,但是gitblit通过域名访问无法正确生成仓库地址,用IP+端口就可以,猜测是gitblit配置里需要指明证书或者域名配置,但是在网上没有找到gitblit的配置文件详解,全部都是安装的文档,win的文档还是太少了,gitlab上面应该也是有对应配置的吧
一共4个server块,两两对应,从下往上配置的,最下面的两个为访问那两个域名则默认加上https前缀跳转
rewrite ^(.*)$ https://$server_name$1 permanent \\匹配该server块内的server_name加上https前缀;
charset utf-8 \\指定nginx字符集;
server_tokens off \\关闭版本号,nginx1.15版本以后不用加ssl on了;
listen 443 ssl \\默认监听ssl443端口;
ssl_certificate \\证书路径,如果证书没有放在nginx的conf目录下则需要写绝对路径
ssl_certificate_key \\私钥路径
upstream chfs {
server 172.45.1.30:2345;
}
upstream git {
server 172.45.1.30:22222;
}
server {
server_name git.ziko.info;
charset utf-8;
server_tokens off;
listen 443 ssl;
ssl_certificate qy.crt;
ssl_certificate_key qy.key;
ssl_protocols SSLv2 SSLv3 TLSv1;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
proxy_pass http://git;
}
}
server {
server_name chfs.ziko.info;
charset utf-8;
server_tokens off;
listen 443 ssl;
ssl_certificate qy.crt;
ssl_certificate_key qy.key;
ssl_protocols SSLv2 SSLv3 TLSv1;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
proxy_pass http://chfs;
}
}
server {
listen 80;
server_name git.ziko.info;
rewrite ^(.*)$ https://$server_name$1 permanent;
}
server {
listen 80;
server_name chfs.ziko.info;
rewrite ^(.*)$ https://$server_name$1 permanent;
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
# proxy the PHP scripts to Apache listening on 127.0.0.1:80
#
#location ~ \.php$ {
# proxy_pass http://127.0.0.1;
#}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
#location ~ \.php$ {
# root html;
# fastcgi_pass 127.0.0.1:9000;
# fastcgi_index index.php;
# fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
# include fastcgi_params;
#}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}
