nginx reverse proxy settings ssl, support https

nginx reverse proxy settings ssl, support https

The http_ssl_module module needs to be enabled (the production environment itself already exists)

 

one. generate ssl security certificate,

            Create a new ssl.conf folder in the nginx configuration directory and cd to ssl.conf

      The first step is to generate the key: openssl genrsa -des3 -out c.com.key 1024

             Enter the setup password: 123456 and enter it again.

    The second step is to generate a certificate request: openssl req -new -key c.com.key -out c.com.csr

            Enter the password you just set

     The third step is to copy a key file that does not require a password: openssl rsa -in c.com.key -out c.comss.key

            Enter the set password

     The fourth step is to configure your own certificate: openssl x509 -req -days 365 -in c.com.csr -signkey c.com.key -out c.com.crt

 

two. nginx.conf configuration file

          Add a server,

        server {

             listen 443 ssl;

             server_name www.test.com;

            

             ssl_certificate       ssl.conf/c.com.crt;

             ssl_certificate_key   ssl.conf/c.com.key;  

 

            location / {

                 root /usr/local/nginx/html;

             }

          }

 

Test: configure hosts locally, visit https://www.test.com/test.html in browser

 

Access appears: There is a problem with the security certificate of this website, then the configuration is ok, and the production environment can put the purchased certificate on it.

 

 

three. Nginx uses the 443 interface to accept requests, and uses other ports for back-to-source request data. The (so-called proxy) configuration is as follows:

        upstream test {

              ip_hash;

             server 192.168.1.100:8090 weight=2;

             server 192.168.1.101:8091 weight=1;

       }

 

       

     server {

             listen 443 ssl;

             server_name www.test.com;

            

             ssl_certificate       ssl.conf/c.com.crt;

             ssl_certificate_key   ssl.conf/c.com.key;  

 

            location / {

                 proxy_pass http://test;

             }

          }

 

        

4. The configuration of [http and https co-recommended] is as follows:

     

   upstream test {

              ip_hash;

             server 192.168.1.100:8090 weight=2;

             server 192.168.1.101:8091 weight=1;

       }

       

     server {

             listen 80;

             listen 443 ssl;

             server_name  www.test.com ;

            

             ssl_certificate       ssl.conf/c.com.crt;

             ssl_certificate_key   ssl.conf/c.com.key;  

 

            location / {

                 proxy_pass  http://test ;

             }

          }

 

 

 

Fives,

        

  upstream test {

              ip_hash;

             server 192.168.1.100:8090 weight=2;

             server 192.168.1.101:8091 weight=1;

       }

       

     server {

         listen 80;

         server_name www.test2.com;

         location / {

               rewrite ^(.*)$ https://$host$1 permanent; #Actually jump to port 443 below here

         }

    }

     server {

             listen 443 ssl;

             server_name     www.test2.com;

            

             ssl_certificate       ssl.conf/c.com.crt;

             ssl_certificate_key   ssl.conf/c.com.key;  

 

            location / {

                 proxy_pass  http://test ;

             }

          }