Nginx 反向代理 https 到 https
[英]Nginx reverse proxy https to https
问题描述
I have a QNAP TS-253A with its admin interface exposed to the internet.
我有一个 QNAP TS-253A,其管理界面暴露在互联网上。
The qnap has it's own certificate installed by a dedicated tool (ie. I don't know exactly where to locate the certificate). qnap 拥有由专用工具安装的自己的证书(即,我不知道该证书的确切位置)。
https://mydomain.myqnapcloud.com points to my static IP, and my router has a firewall rule, which forwards port 443 to 192.168.200.6 which is the internal address of my QNAP. https://mydomain.myqnapcloud.com指向我的静态IP,我的路由器有防火墙规则,将端口443转发到192.168.200.6,这是我QNAP的内部地址。
That all works as it should.一切正常。
Now I have spun up a Docker container on 192.168.200.18, which I would like to expose to https://identity.someotherdomain.com .现在我在 192.168.200.18 上启动了一个 Docker 容器,我想将其公开给https://identity.someotherdomain.com 。
My Idea was to spin up another container with an Nginx reverse proxy (192.168.200.8), and change the firewall rule to forward 443 (and 80) to the reverse proxy.我的想法是使用 Nginx 反向代理(192.168.200.8)启动另一个容器,并将防火墙规则更改为将 443(和 80)转发到反向代理。
There are lots of guides to use nginx to sit in front of a http server and add SSL certificate thereby converting an existing http site to https.有很多指南可以使用 nginx 坐在 http 服务器前面并添加 SSL 证书,从而将现有的 http 站点转换为 https。 But my use case should be even simpler as the server i forward to, is already https.但是我的用例应该更简单,因为我转发的服务器已经是 https。
I have tried this, which doesn't work:我试过这个,这不起作用:
upstream qnap {
server 192.168.200.6:443;
}
server {
listen 192.168.200.8:443;
server_name mydomainmyqnapcloud.com;
location / {
proxy_pass https://qnap;
}
}
How do I configure nginx to forward traffic intended for https://mydomain.myqnapcloud.com to https://192.168.200.6 and traffic intended for https://identity.someotherdomain.com to https://192.168.200.18如何配置 nginx 以将用于https://mydomain.myqnapcloud.com 的流量转发到https://192.168.200.6并将用于https://identity.someotherdomain.com 的流量转发到https://192.168.200.18
1 个解决方案
解决方案1
1 2020-03-01 21:38:20
The way I got this working was to locate the certificate and key on the Qnap (in /etc/stunnel) and copy them to a folder shared into the reverse proxy docker image and include them in the nginx.conf:我让这个工作的方式是在 Qnap 上找到证书和密钥(在 /etc/stunnel 中)并将它们复制到共享到反向代理 docker 映像的文件夹中,并将它们包含在 nginx.conf 中:
server {
listen 443 ssl;
server_name mydomain.myqnapcloud.com;
ssl_certificate /etc/ssl/private/backup.cert;
ssl_certificate_key /etc/ssl/private/backup.key;
ssl_session_cache builtin:1000 shared:SSL:10m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
ssl_prefer_server_ciphers on;
access_log /var/log/nginx/access.log;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass https://192.168.200.6;
proxy_read_timeout 90;
proxy_redirect https://192.168.200.6 https://mydomain.myqnapcloud.com;
}
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.