对于特定用例,我想将云中的反向代理 (RP) 放在已与另一个仅侦听 HTTPS 的 RP 打包的应用程序前面。我无法访问应用程序后端及其反向代理的配置。
cloudreverseproxy --https--> upperreverseproxy --https--> upperbackend
对于以下示例,cloudreverseproxy url 为“mycloudreverseproxy.com”,upstreamreverseproxy 为“myupstream.com”
当使用 Nginx 作为具有标准 SSL 配置的反向代理时,我在浏览时收到错误重定向请求 HTTP 421 错误https://mycloudreverseproxy.com但是当使用具有类似配置的 Apache 时,一切都运行正常。我还使用 openresty 作为上游来排除 cloudreverseproxy 发送的标头故障,但 Nginx 和 Apache 之间的一切似乎非常相似。
以下是 Nginx 配置:
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name mycloudreverseproxy.com;
# SSL
ssl_certificate /etc/letsencrypt/live/mycloudreverseproxy.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/mycloudreverseproxy.com/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/mycloudreverseproxy.com/chain.pem;
# reverse proxy
location / {
proxy_pass https://myupstream.com/;
proxy_http_version 1.1;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Port $server_port;
}
}
还有Apache:
<VirtualHost *:443>
ServerName mycloudreverseproxy.com
SSLEngine On
SSLProxyEngine On
SSLCertificateFile /etc/letsencrypt/live/mycloudreverseproxy.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/mycloudreverseproxy.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
ProxyRequests Off
ProxyPass / https://myupstream.com/
ProxyPassReverse / https://myupstream.com/
</VirtualHost>
为什么 Apache 可以工作而 Nginx 却不行?
答案1
添加 proxy_ssl_name $yourbackendhostname;