我想在 macOS 上使用 nginx 作为服务器 apache 的反向代理。我管理默认 macOS 服务器的 apache 在 HTTP 端口 4780 和 HTTPS 端口 47443 上运行。配置位于此处:/Library/Server/Web/Config/Proxy/apache_serviceproxy.conf
现在是 nginx 的部分:我想要 nginx 在子域上代理服务器的 apache server.example.com。
对于 HTTP,它像 charm 一样工作,但是 HTTPS 有问题,因为证书在 apache 中,而不是在 nginx 中......
HTTP 配置:
server {
listen 80;
listen [::]:80;
server_name server.example.com;
#charset koi8-r;
access_log /logs/server.access.log main;
error_log /logs/server.error.log error;
location / {
proxy_pass http://localhost:4780;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
HTTPS 配置:
server {
listen 443;
listen [::]:443;
server_name server.example.com;
#charset koi8-r;
access_log /logs/server.access.log main;
error_log /logs/server.error.log error;
location / {
proxy_pass https://localhost:47443;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
对于 HTTP 它可以工作,但对于 HTTPS 则不行:Safari can't establish a secure connection to the server
如何做呢?
答案1
在您的 HTTPS 配置中的 server_name 下面添加以下两行:
ssl_certificate /path/to/your/certificate_file;
ssl_certificate_key /path/to/your/private_key_file;
ssl并在 listen 指令中添加选项。
你的配置将会像这样:
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name server.example.com;
ssl_certificate /path/to/your/certificate_file;
ssl_certificate_key /path/to/your/private_key_file;
#charset koi8-r;
access_log /logs/server.access.log main;
error_log /logs/server.error.log error;
location / {
proxy_pass https://localhost:47443;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}