如何配置localhost nginx以代理https远程后端
我正在用JS开发一个web UI前端,用于现在使用HTTPS的后端API。我只需要在我的开发机器上使用以下nginx配置:如何配置localhost nginx以代理https远程后端,nginx,nginx-reverse-proxy,nginx-config,Nginx,Nginx Reverse Proxy,Nginx Config,我正在用JS开发一个web UI前端,用于现在使用HTTPS的后端API。我只需要在我的开发机器上使用以下nginx配置: http { include /etc/nginx/mime.types; disable_symlinks off; server { disable_symlinks off; listen 8080; server_name localhost; location /api/ { proxy_pass
http {
include /etc/nginx/mime.types;
disable_symlinks off;
server {
disable_symlinks off;
listen 8080;
server_name localhost;
location /api/ {
proxy_pass http://www.my-api.com;
}
location /some-path/ {
disable_symlinks off;
root /var/www;
index index.html;
}
}
}
但是现在www.my-api.com
是一个https端点
为了将本地主机请求转发到HTTPS后端,我需要对nginx配置进行哪些调整?下面的配置侦听本地主机端口8080并重定向到。由于API可以在端口443上访问,因此它应该包括SSL认证检查
http {
include /etc/nginx/mime.types;
disable_symlinks off;
server {
disable_symlinks off;
listen 8080;
server_name localhost;
location /api/ {
proxy_pass https://www.my-api.com;
proxy_http_version 1.1;
proxy_cache_bypass $http_upgrade;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Port $server_port;
}
location /some-path/ {
disable_symlinks off;
root /var/www;
index index.html;
}
}
}下面是我的服务器部分。 @Jay Achar让我接近了,说实话,我应该尝试一些事情 以简化配置。 我添加了以下行:-
ssl_client_certificate /etc/ssl/certs/ca-certificates.crt;
proxy_set_header X-SSL-CERT $ssl_client_escaped_cert;
proxy_ssl_server_name on;
我还发现我的代理主机名不正确。在我的例子中,www.
前面的那条路不对。我怀疑主机的证书不匹配
里面有www
。也许只是用@Jay Achar的正确答案
远程主机名将是所有人都需要的
/etc/ssl/certs/ca certificates.crt
来自我的openssl。我猜到了
将适合作为客户端证书发送到代理主机
我对@Jay Achar的配置所做的唯一其他更改是在行中
proxy_set_header Host $proxy_host;
proxy_set_header X-Real-IP $upstream_addr;
同样,也许这些改变是没有必要的
server {
disable_symlinks off;
listen 8080;
server_name pb.localhost;
ssl_client_certificate /etc/ssl/certs/ca-certificates.crt;
location /api {
proxy_pass https://my-api.com:443;
proxy_ssl_server_name on;
proxy_http_version 1.1;
proxy_cache_bypass $http_upgrade;
proxy_set_header X-SSL-CERT $ssl_client_escaped_cert;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $proxy_host;
proxy_set_header X-Real-IP $upstream_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Port $server_port;
}
location /some-path/ {
disable_symlinks off;
root /var/www;
index index.html;
}
}
谢谢杰伊·阿克尔。不过,建议的配置没有起作用。API请求在
502坏网关中结束。我认为nginx日志的相关部分是…```2020/11/03 08:16:15[错误]2202#2202:*9 SSL握手时的对等闭合连接(104:未知错误),当SSL握手到上游时,客户端:127.0.0.1,服务器:pb.localhost,请求:“GET/api/serviceD ev.svc/SystemInfo?u=1604351774815 HTTP/1.1”,上游:“https://:443/api/serviceDev.svc/Syst emInfo?=1604351774815”,主机:“pb.localhost:8080”,引用者:“/sign.html”```