Nginx SSL proxy to an upstream server using SSL
Tags: ssl, tls1.2, nginx-reverse-proxy, nginx-config, kestrel-http-server

I am using nginx as a proxy for a Kestrel web server. Both nginx and Kestrel are configured for mutual TLS, so a client cannot communicate with the server unless it sends a certificate with the request. I want to be able to forward the SSL certificate that nginx receives to Kestrel, but I can't seem to do this. The proxy_ssl on directive used in the server block gives an error, and the proxy_ssl_certificate serv.crt directive is not what I need, because it sends the specified certificate to Kestrel, whereas I want to send the client certificate that was passed to nginx on to Kestrel.

Below is a snippet of my nginx configuration:

upstream prod {
    server 127.0.0.1:443;
}
server {
    listen 4430 ssl http2;
    ssl on;
    ssl_certificate /etc/ssl/certs/serv.crt;
    ssl_certificate_key /etc/ssl/certs/serv.key;
    ssl_password_file /etc/nginx/certs/ssl_passwords.txt;
    ssl_client_certificate /etc/ssl/ca/certs/ca.crt;
    ssl_crl /etc/ssl/ca/private/ca.crl;
    ssl_verify_client optional_no_ca;
    ssl_session_timeout 5m;
    ssl_prefer_server_ciphers on;
    ssl_protocols TLSv1.2;
    ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDH$
    keepalive_timeout 10;
    server_name my-api;
    try_files $uri @prod;
    location / {
        add_header Access-Control-Allow-Origin *;
        #proxy_ssl_session_reuse on;
        proxy_ssl_trusted_certificate /etc/ssl/certs/serv.crt;
        #proxy_ssl_certificate /etc/ssl/certs/serv.crt;
        #proxy_ssl_certificate_key /etc/ssl/certs/serv.key;
        proxy_ssl_password_file /etc/nginx/certs/ssl_passwords.txt;
        proxy_ssl_verify off;
        proxy_ssl_verify_depth 2;
        proxy_set_header Connection $connection_upgrade;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_redirect off;
        proxy_pass https://prod;
        access_log /var/log/nginx/access.log;
        error_log /var/log/nginx/error.log;
    }

Any help would be greatly appreciated.
Thanks
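
An added example, not part of the original post: nginx terminates the client's TLS session, so the certificate the client presented cannot be replayed in the handshake to Kestrel, and proxy_ssl_certificate only sets nginx's own identity toward the upstream. One common arrangement is to pass the client certificate in a request header using $ssl_client_escaped_cert. The header names X-SSL-Client-Cert and X-SSL-Client-Verify and the switch to ssl_verify_client on are assumptions of this sketch; the paths and the upstream name are taken from the question.

```nginx
# Added example (not the poster's configuration). Header names are assumptions.
upstream prod {
    server 127.0.0.1:443;
}

server {
    listen 4430 ssl http2;
    server_name my-api;

    ssl_certificate         /etc/ssl/certs/serv.crt;
    ssl_certificate_key     /etc/ssl/certs/serv.key;
    ssl_password_file       /etc/nginx/certs/ssl_passwords.txt;
    ssl_protocols           TLSv1.2;

    # Verify the client chain at the proxy. With "optional_no_ca" nginx
    # accepts certificates it cannot chain to ssl_client_certificate, and
    # the backend must then do all validation itself.
    ssl_client_certificate  /etc/ssl/ca/certs/ca.crt;
    ssl_crl                 /etc/ssl/ca/private/ca.crl;
    ssl_verify_client       on;

    location / {
        # nginx's own identity toward Kestrel. This is a separate TLS
        # session; the client's certificate cannot be presented here
        # because nginx does not hold the client's private key.
        proxy_ssl_certificate      /etc/ssl/certs/serv.crt;
        proxy_ssl_certificate_key  /etc/ssl/certs/serv.key;
        proxy_ssl_password_file    /etc/nginx/certs/ssl_passwords.txt;

        # Pass the client certificate as URL-encoded PEM (variable
        # available since nginx 1.13.5), plus nginx's verification result.
        # proxy_set_header replaces any header of the same name that the
        # client sent, so the values seen upstream come from nginx.
        proxy_set_header X-SSL-Client-Cert   $ssl_client_escaped_cert;
        proxy_set_header X-SSL-Client-Verify $ssl_client_verify;

        proxy_set_header Host              $http_host;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
        proxy_pass https://prod;
    }
}
```

On the Kestrel side the header should be honoured only on connections that authenticated with the proxy's own certificate, and its value must be URL-decoded and parsed as PEM before any authorization decision is made on it.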