I'm having trouble setting up a reverse proxy for HTTPS in nginx.
I have set up a Tomcat HTTPS connector on 127.0.0.1:443. It works:
% openssl s_client -showcerts -connect 127.0.0.1:443
CONNECTED(00000005)
depth=2 C = PL, O = Unizeto Technologies S.A., OU = Certum Certification Authority, CN = Certum Trusted Network CA
verify return:1
depth=1 C = PL, O = Unizeto Technologies S.A., OU = Certum Certification Authority, CN = Certum Domain Validation CA SHA2
verify return:1
depth=0 CN = *.example.com
verify return:1
---
Certificate chain
0 s:CN = *.example.com
i:C = PL, O = Unizeto Technologies S.A., OU = Certum Certification Authority, CN = Certum Domain Validation CA SHA2
-----BEGIN CERTIFICATE-----
However, when I try to connect from outside via the domain (where nginx should serve the proxy-passed page), I get an error:
% openssl s_client -showcerts -connect example.com:443 -servername example.com
CONNECTED(00000003)
write:errno=0
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 309 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
Nginx configuration:
server {
    listen 1.2.3.4:80 default_server;
    server_name example.com;
    return 301 https://example.com$request_uri;
}
server {
    listen 1.2.3.4:443 default_server ssl;
    root /var/www/html;
    index index.html index.htm index.nginx-debian.html;
    server_name example.com;
    location ~ ^.*$ {
        proxy_pass https://127.0.0.1;
    }
}
Please help me make nginx pass the HTTPS certificate through.
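
An added example, not part of the original post: on a `listen ... ssl` socket nginx performs the TLS handshake itself, so that server block needs its own `ssl_certificate` and `ssl_certificate_key`, while `proxy_pass https://...` only opens a second TLS connection to Tomcat. The certificate and key paths, the CA bundle location and the `www.example.com` upstream name are assumptions, not values from the post.

```nginx
# Added example: TLS terminated at nginx, then re-encrypted to Tomcat.
server {
    listen 1.2.3.4:443 default_server ssl;
    server_name example.com;

    # Certificate nginx presents to clients: leaf first, then the
    # intermediate CA, in one PEM file. Both paths are placeholders.
    ssl_certificate     /etc/nginx/ssl/example.com.fullchain.pem;
    ssl_certificate_key /etc/nginx/ssl/example.com.key;
    ssl_protocols       TLSv1.2 TLSv1.3;

    location / {
        proxy_pass https://127.0.0.1;

        # Tell Tomcat what the client originally asked for.
        proxy_set_header Host              $host;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # Verify Tomcat's certificate instead of trusting any peer on
        # loopback. The name must be one that certificate covers: a
        # wildcard *.example.com matches www.example.com but not the bare
        # example.com unless the SAN lists it (hypothetical name below).
        proxy_ssl_server_name on;
        proxy_ssl_name        www.example.com;
        proxy_ssl_verify      on;
        proxy_ssl_verify_depth 2;   # leaf -> intermediate -> root
        # Assumed Debian CA bundle path; must contain the issuing root.
        proxy_ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt;
    }
}

# Alternative: plain TCP passthrough, where Tomcat's own certificate
# reaches the client unchanged. This block goes at the top level of
# nginx.conf (outside http {}), needs the stream module, and replaces
# the ssl server block above because both cannot bind 1.2.3.4:443.
#
# stream {
#     server {
#         listen 1.2.3.4:443;
#         proxy_pass 127.0.0.1:443;
#     }
# }
```

Run `nginx -t` before reloading, then repeat the `openssl s_client -connect example.com:443 -servername example.com` check from the post to confirm a certificate chain is now returned.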