Nginx

nginx 作為 macOS 伺服器的 apache 的反向代理

  • October 7, 2017

我想在 macOS 上使用 nginx 作為伺服器 apache 的反向代理。我管理預設 macOS 伺服器的 apache 以在 HTTP 埠 4780 和 HTTPS 埠 47443 上執行。配置位於此處:/Library/Server/Web/Config/Proxy/apache_serviceproxy.conf

現在 nginx 的部分:我希望 nginx 在 subdomain 上代理伺服器的 apache server.example.com

對於 HTTP,它像魅力一樣工作,但 HTTPS 是問題,因為證書在 apache 中,而不是在 nginx 中……

HTTP 配置:

server {
   listen       80;
   listen       [::]:80;

   server_name  server.example.com;

   #charset koi8-r;
   access_log /logs/server.access.log main;
   error_log /logs/server.error.log error;

   location / {
       proxy_pass http://localhost:4780;
       proxy_set_header Host $host;
       proxy_set_header X-Real-IP $remote_addr;
       proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
       proxy_set_header X-Forwarded-Proto $scheme;
   }
}

HTTPS 配置:

server {
   listen       443;
   listen       [::]:443;

   server_name  server.example.com;

   #charset koi8-r;
   access_log /logs/server.access.log main;
   error_log /logs/server.error.log error;

   location / {
       proxy_pass https://localhost:47443;
       proxy_set_header Host $host;
       proxy_set_header X-Real-IP $remote_addr;
       proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
       proxy_set_header X-Forwarded-Proto $scheme;
   }
}

對於 HTTP 它可以工作,但對於 HTTPS 不能:Safari can't establish a secure connection to the server

如何做呢?

在 HTTPS 配置中的 server_name 下添加以下兩行:

ssl_certificate /path/to/your/certificate_file;
ssl_certificate_key /path/to/your/private_key_file;

並在監聽指令中添加ssl選項。

您的配置將如下所示:

server {
   listen       443 ssl;
   listen       [::]:443 ssl;

   server_name  server.example.com;
   ssl_certificate /path/to/your/certificate_file;
   ssl_certificate_key /path/to/your/private_key_file;

   #charset koi8-r;
   access_log /logs/server.access.log main;
   error_log /logs/server.error.log error;

   location / {
       proxy_pass https://localhost:47443;
       proxy_set_header Host $host;
       proxy_set_header X-Real-IP $remote_addr;
       proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
       proxy_set_header X-Forwarded-Proto $scheme;
   }
}

引用自:https://serverfault.com/questions/877348