如何配置localhost nginx以代理https远程后端_Nginx_Nginx Reverse Proxy_Nginx Config

如何配置localhost nginx以代理https远程后端

nginx

如何配置localhost nginx以代理https远程后端,nginx,nginx-reverse-proxy,nginx-config,Nginx,Nginx Reverse Proxy,Nginx Config,我正在用JS开发一个web UI前端，用于现在使用HTTPS的后端API。我只需要在我的开发机器上使用以下nginx配置： http { include /etc/nginx/mime.types; disable_symlinks off; server { disable_symlinks off; listen 8080; server_name localhost; location /api/ { proxy_pass

我正在用JS开发一个web UI前端，用于现在使用HTTPS的后端API。我只需要在我的开发机器上使用以下nginx配置：

http {
  include /etc/nginx/mime.types;
  disable_symlinks off;

  server {
    disable_symlinks off;
    listen 8080;
    server_name localhost;

    location /api/ {
        proxy_pass                http://www.my-api.com;
    }

    location /some-path/ {
      disable_symlinks off;
      root /var/www;
      index index.html;
    }
  }

}

但是现在

www.my-api.com

是一个https端点

为了将本地主机请求转发到HTTPS后端，我需要对nginx配置进行哪些调整？

下面的配置侦听本地主机端口8080并重定向到。由于API可以在端口443上访问，因此它应该包括SSL认证检查

http {
  include /etc/nginx/mime.types;
  disable_symlinks off;

  server {
    disable_symlinks off;
    listen 8080;
    server_name localhost;

    location /api/ {
        proxy_pass                https://www.my-api.com;
        proxy_http_version  1.1;
        proxy_cache_bypass  $http_upgrade;

        proxy_set_header Upgrade           $http_upgrade;
        proxy_set_header Connection        "upgrade";
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Host  $host;
        proxy_set_header X-Forwarded-Port  $server_port;
    }

    location /some-path/ {
      disable_symlinks off;
      root /var/www;
      index index.html;
    }
  }

}下面是我的服务器部分。 @Jay Achar让我接近了，说实话，我应该尝试一些事情以简化配置。我添加了以下行：-

    ssl_client_certificate /etc/ssl/certs/ca-certificates.crt;
proxy_set_header X-SSL-CERT $ssl_client_escaped_cert;
proxy_ssl_server_name on;

我还发现我的代理主机名不正确。在我的例子中，

www.

前面的那条路不对。我怀疑主机的证书不匹配里面有

www

。也许只是用@Jay Achar的正确答案远程主机名将是所有人都需要的

/etc/ssl/certs/ca certificates.crt

来自我的openssl。我猜到了将适合作为客户端证书发送到代理主机

我对@Jay Achar的配置所做的唯一其他更改是在行中

  proxy_set_header Host              $proxy_host;
  proxy_set_header X-Real-IP         $upstream_addr;

同样，也许这些改变是没有必要的

    server {
        disable_symlinks off;
        listen 8080;
        server_name pb.localhost;
        
        ssl_client_certificate /etc/ssl/certs/ca-certificates.crt;
        location /api {
            proxy_pass  https://my-api.com:443;

            proxy_ssl_server_name on;
                proxy_http_version  1.1;
                proxy_cache_bypass  $http_upgrade;

            proxy_set_header X-SSL-CERT $ssl_client_escaped_cert;
                proxy_set_header Upgrade           $http_upgrade;
                proxy_set_header Connection        "upgrade";
                proxy_set_header Host              $proxy_host;
                proxy_set_header X-Real-IP         $upstream_addr;
                proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
                proxy_set_header X-Forwarded-Proto $scheme;
                proxy_set_header X-Forwarded-Host  $host;
                proxy_set_header X-Forwarded-Port  $server_port;
        }

        location /some-path/ {
            disable_symlinks off;
            root /var/www;
            index index.html;
        }
    }

谢谢杰伊·阿克尔。不过，建议的配置没有起作用。API请求在

502坏网关中结束。我认为nginx日志的相关部分是…```2020/11/03 08:16:15[错误]2202#2202:*9 SSL握手时的对等闭合连接（104：未知错误），当SSL握手到上游时，客户端：127.0.0.1，服务器：pb.localhost，请求：“GET/api/serviceD ev.svc/SystemInfo？u=1604351774815 HTTP/1.1”，上游：“https://：443/api/serviceDev.svc/Syst emInfo？=1604351774815”，主机：“pb.localhost:8080”，引用者：“/sign.html”```