nginx通过ssl反代至后端http服务


nginx端配置:


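http {

    ##
    # Basic Settings
    ##

    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    types_hash_max_size 2048;
    # server_tokens off;

    # server_names_hash_bucket_size 64;
    # server_name_in_redirect off;

    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    ##
    # SSL Settings
    ##

    # TLS-terminating reverse proxy: clients connect over HTTPS on port 8443
    # and nginx forwards each request as plain HTTP to the Django backend.
    server {
        # The "ssl" flag on listen replaces the standalone "ssl on;" directive,
        # which is deprecated and no longer accepted by newer nginx releases.
        listen 8443 ssl;
        server_name 36.111.x.x;

        ssl_certificate     /home/yjt_backend/cer/36.111.x.x.crt;
        # The private key should be readable only by the account that starts
        # nginx; this path is inside a user's home directory, so check its mode.
        ssl_certificate_key /home/yjt_backend/cer/36.111.x.x.key;

        location / {
            # The nginx -> backend hop is cleartext HTTP. Keep it on a trusted
            # network segment and make sure port 8000 is not reachable by
            # clients directly, otherwise the headers set below can be forged.
            proxy_pass http://10.129.32.33:8000/;

            # Author's note (translated): the block below is the key to
            # reverse-proxying SSL to a backend HTTP service. The real client
            # IP and related information must be added to the request headers
            # so that the backend Django program can recognise them, and the
            # Django program needs a piece of redirect code pointing at the
            # real client so the response gets back to the client. Otherwise
            # Django assumes it is answering nginx, and a visit to
            # https://36.111.x.x:8000 is redirected to its own address, the
            # URL https://127.0.0.1:8000.

            # Passes the backend's own Server response header to the client
            # (nginx hides it by default); this reveals the backend software.
            proxy_pass_header Server;

            # $http_host is the Host header exactly as the client sent it, so
            # the backend must validate it (Django: ALLOWED_HOSTS).
            proxy_set_header Host $http_host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Scheme $scheme;

            # proxy_set_header overwrites any X-Forwarded-Proto value supplied
            # by the client; Django's SECURE_PROXY_SSL_HEADER depends on that.
            proxy_set_header X-Forwarded-Proto $scheme;

            # NOTE(review): this is sent as an ordinary request header, so a
            # WSGI backend would see it as HTTP_REMOTE_ADDR rather than as the
            # socket-level REMOTE_ADDR - confirm the backend actually reads it.
            proxy_set_header REMOTE_ADDR $remote_addr;

            # Location/Refresh headers from the backend are passed unchanged.
            proxy_redirect off;
        }
    }

    # SSLv3 is dropped (POODLE); TLSv1 and TLSv1.1 are deprecated (RFC 8996)
    # and are no longer offered. TLSv1.3 needs nginx 1.13.0+ built against
    # OpenSSL 1.1.1+; on an older build list TLSv1.2 only.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;

    ##
    # Logging Settings
    ##

    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log;

    ##
    # Gzip Settings
    ##

    gzip on;
    gzip_disable "msie6";

    # gzip_vary on;
    # gzip_proxied any;
    # gzip_comp_level 6;
    # gzip_buffers 16 8k;
    # gzip_http_version 1.1;
    # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

    ##
    # Virtual Host Configs
    ##

    include /etc/nginx/conf.d/*.conf;
    include /etc/nginx/sites-enabled/*;

}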


Django端配置:需要在配置文件的最后添加下面这两行(全局设置):

 # Redirect every request that Django considers non-HTTPS to its HTTPS URL.
 SECURE_SSL_REDIRECT = True
 # Treat a request as secure when it carries "X-Forwarded-Proto: https".
 # Django trusts this header as-is, so the setting is only safe when every
 # request reaches Django through a proxy that overwrites the header (the
 # nginx config on this page sets it with proxy_set_header) and the backend
 # port cannot be reached by clients directly.
 SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https') 
