nginx通过ssl反代至后端http服务
来源:互联网 发布:一件代发怎么传淘宝 编辑:程序博客网 时间:2024/06/10 23:20
nginx端配置:
http {
### Basic Settings
##
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
# server_tokens off;
# server_names_hash_bucket_size 64;
# server_name_in_redirect off;
include /etc/nginx/mime.types;
default_type application/octet-stream;
##
# SSL Settings
##
server {
listen 8443;
ssl on;
server_name 36.111.x.x;
ssl_certificate /home/yjt_backend/cer/36.111.x.x.crt;
ssl_certificate_key /home/yjt_backend/cer/36.111.x.x.key;
location / {
proxy_pass http://10.129.32.33:8000/;
#下面这段是ssl成功反代至后端http的关键,需要在报文首部添加真实来源客户端的IP地址等信息,这样才能被后端Django程序识别到,并且需要在后端Django程序里面添加一段重定向至真实客户端的代码,这样才能成功返回至客户端,否则它以为返回至nginx,访问的时候nginx不知道返回到客户端,当访问https://36.111.x.x:8000就回重定向到自己的地址,https://127.0.0.1:8000这个URL
proxy_pass_header Server;proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Scheme $scheme;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header REMOTE_ADDR $remote_addr;
proxy_redirect off;
}
}
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;
##
# Logging Settings
##
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
##
# Gzip Settings
##
gzip on;
gzip_disable "msie6";
# gzip_vary on;
# gzip_proxied any;
# gzip_comp_level 6;
# gzip_buffers 16 8k;
# gzip_http_version 1.1;
# gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
##
# Virtual Host Configs
##
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}
Django端配置:需要在最后加这两行,全局的
SECURE_SSL_REDIRECT = True
SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
阅读全文
0 0
- nginx通过ssl反代至后端http服务
- Centos7+Nginx通过windows CA颁发及配置SSL服务
- nginx后端转SSL接收前端请求
- 通过http请求服务
- Nginx+Tomcat+SSL 识别 https还是http
- nginx+ssl配置http和https共存
- Nginx安装HTTP SSL模块基本配置
- nginx ssl tomcat no ssl https http问题
- 通过https(ssl)获得http响应
- nginx http服务搭建配置
- 通过Nginx访问后端应用,ERR_CONTENT_LENGTH_MISMATCH 问题的解决
- 通过Nginx访问后端应用,ERR_CONTENT_LENGTH_MISMATCH 问题的解决
- nginx根据客户端ip动态代理后端服务-TCP
- java通过amox-http发布http服务
- 后端直接通过http写数据到html页面
- Passenger,nginx and SSL(http redirect to https)
- Nginx配置SSL并强制http跳转到https
- nginx配置ssl证书实现https和http共存访问
- Oracle恢复误删的数据或表,解除锁定SQL或table
- Shell常用命令整理
- 文章标题
- 深入解析Java反射-invoke方法
- maven将本地jar包放在本地仓库
- nginx通过ssl反代至后端http服务
- 设置 电脑系统的开机自启动选项
- c++--this指针
- android gradle多渠道打包不同资源
- Object类之_toString()方法
- 二维数组
- 产品经理必备工具&文档
- Eclipse之alt+/失效
- 第十六天H5进阶