NGINX proxy_pass 适用于 HTTP 但不适用于 HTTPS(ERR_CERT_COMMON_NAME_INVALID)

tag-icon tag-icon nginx ssl reverse-proxy https
NGINX proxy_pass 适用于 HTTP 但不适用于 HTTPS(ERR_CERT_COMMON_NAME_INVALID)

我们正在使用:NGINX proxy_pass => app1

我正在通过 proxy_pass ip 提交表单。但是收到这样的错误 添加错误参考的屏幕截图

这里我添加了我的 nginx.conf 设置

    upstream add_product {
       server IP:9081;
        }


server {
            listen   80 default_server ;
            listen [::]:80 default_server;
            server_name *.mydomain.com www.mydomain.com ;
            # below mentined line will be rewriting all the URLs to 
            return 301 https://$host$request_uri;
    }

server {
        listen 443 ssl http2;
        listen [::]:443 ssl http2;
         # rewrite ^ https://$host$request_uri? permanent;
         # SSL Settings
         # certs sent to the client in SERVER HELLO are concatenated in ssl_certificate
        ssl_certificate  /etc/nginx/ssl/mydomain.com.chained.crt;
        ssl_certificate_key  /etc/nginx/ssl/mydomain.com.key;
        ssl_session_timeout 1d;
        ssl_session_cache shared:SSL:50m;
        ssl_session_tickets on;

        # intermediate configuration. tweak to your needs.
        ssl_protocols  TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers "HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
       ssl_prefer_server_ciphers on;
       ssl_session_cache shared:SSL:50m;

       # OCSP Stapling ---
       # fetch OCSP records from URL in ssl_certificate and cache them
       ssl_stapling on;
       ssl_stapling_verify on;
       ssl_trusted_certificate /etc/nginx/certs/lets-encrypt-x3-cross-signed.pem;
       # HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)
       # enable HSTS including subdomains
       add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;

        server_name *.mydomain.com www.mydomain.com ;

location / {

         default_type application/octet-stream;
         include /etc/nginx/mime.types;

         # needed to forward user's IP address to backend
          proxy_set_header  X-Real-IP  $remote_addr;

          # needed for HTTPS
          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
          proxy_set_header Host $http_host;
          proxy_redirect off;
          proxy_max_temp_file_size 0;
          # Use this variable to key off whether we pass requests to backend,
          # or serve them directly via nginx.  By default everything gets
          # passed thru, and we only serve specific resources directly.
          set $send_to_app "yes";


         #check our state to make sure we're forwarding it back
          if ($send_to_app = "yes") {
                    proxy_pass https://add_product;
                }
         # File uploads
        client_max_body_size 10m;

}

}

相关内容