要知道如何申請及安裝 SSL憑證可以參考這篇教學:
Nginx 如何安裝 Namecheap Comodo PositiveSSL 憑證
觀念: 讓 Client 端和 proxy 之間使用SSL加密協定, 再將 request 請求給未加密的Web伺服器.
底下的設定是加在 Reverse Proxy 的主機上~
引用:
#----------------------------------------------------
# adj.com.tw
#----------------------------------------------------
server {
listen 443;
server_name adj.com.tw www.adj.com.tw;
access_log /var/log/nginx/show/adj.com.tw.access.log;
error_log /var/log/nginx/show/adj.com.tw.error.log;
ssl on;
ssl_certificate /etc/nginx/certs/adj/ssl-bundle.crt;
ssl_certificate_key /etc/nginx/certs/adj/server.key;
if ( $host = 'adj.com.tw' ) {
rewrite ^/(.*)$ https://www.adj.com.tw/$1 permanent;
}
location / {
proxy_pass https://11.22.33.44;
proxy_buffering on;
proxy_cache cache_one;
proxy_cache_valid 200 304 7d;
proxy_cache_valid 301 302 10m;
proxy_cache_valid any 1m;
proxy_cache_key $host$uri$is_args$args;
proxy_cache_use_stale error timeout invalid_header updating http_500 http_502 http_503 http_504;
add_header X-Via $server_addr;
add_header X-Cache-status $upstream_cache_status;
expires 7d;
### force timeouts if one of backend is died ##
proxy_next_upstream http_502 http_504 error timeout invalid_header;
### Set headers ####
proxy_set_header Host www.adj.com.tw;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
### Most PHP, Python, Rails, Java App can use this header ###
proxy_set_header X-Forwarded-Proto https;
}
}
照這樣的設定...將 adj.com.tw 改成自己的網址就可以了~~
