Nginx,反向代理和 HTTPS

Nginx,反向代理和 HTTPS

我在 nginx 中为 HTTPS 设置反向代理时遇到问题。

我已经在 127.0.0.1:443 上设置了 Tomcat HTTPS 连接器。它起作用了:

% openssl s_client -showcerts -connect 127.0.0.1:443
CONNECTED(00000005)
depth=2 C = PL, O = Unizeto Technologies S.A., OU = Certum Certification Authority, CN = Certum Trusted Network CA
verify return:1
depth=1 C = PL, O = Unizeto Technologies S.A., OU = Certum Certification Authority, CN = Certum Domain Validation CA SHA2
verify return:1
depth=0 CN = *.example.com
verify return:1
---
Certificate chain
 0 s:CN = *.example.com
   i:C = PL, O = Unizeto Technologies S.A., OU = Certum Certification Authority, CN = Certum Domain Validation CA SHA2
-----BEGIN CERTIFICATE-----

但是,当我尝试从域外部进行连接(nginx 应该在其中提供 proxypassed 页面)时出现错误:

% openssl s_client -showcerts -connect example.com:443 -servername example.com
CONNECTED(00000003)
write:errno=0
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 309 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)

Nginx 配置:

server {
    listen 1.2.3.4:80 default_server;
    server_name example.com;
    return 301 https://example.com$request_uri;
}
server {
    listen 1.2.3.4:443 default_server ssl;
    root /var/www/html;
    index index.html index.htm index.nginx-debian.html;
    server_name example.com;
    location ~ ^.*$ {
        proxy_pass https://127.0.0.1;
    }
}

请帮助我让 nginx 通过 HTTPS 证书。

相关内容