我希望我的 NGINX 作为 443 和 22 的反向代理,并将所有流量从 80 重定向到 443。
我的配置有什么问题?
NGINX 服务器有两块网卡,10.0.0.0/8 和 11.0.0.0/8。请求来自 10.0.0.0/8。目标机器是 11.0.0.11/8,NGIX 机器是 10.0.0.10/8 和 11.0.0.2/8。
下面的配置有什么问题?它是一个保存为 /etc/nginx/nas 的文件。
stream {
upstream ssh {
server 11.0.0.11:22;
}
upstream web {
return 301 https://$host$request_uri;
}
map $ssl_preread_protocol $upstream {
default ssh;
"TLSv1.2" web;
}
server {
listen 80;
server_name nas drive;
proxy_pass $upstream;
ssl_preread on;
}
server {
listen 443 ssl;
server_name nas drive;
location /.well-known {
alias /var/www/drive/.well-known;
}
location / {
proxy_buffers 16 4k;
proxy_buffer_size 2k;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass https://11.0.0.11:443;
proxy_read_timeout 90;
}
ssl_certificate /etc/letsencrypt/live/drive/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/drive/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
client_max_body_size 10G;
}
}