[英]How do I configure localhost nginx to proxy https remote backend
I am developing a web UI frontend in JS, for a backend API that is now using HTTPS.我正在用 JS 开发 Web UI 前端,用于现在使用 HTTPS 的后端 API。 The following nginx config on my development machine was all I needed:
我的开发机器上的以下 nginx 配置就是我所需要的:
http {
include /etc/nginx/mime.types;
disable_symlinks off;
server {
disable_symlinks off;
listen 8080;
server_name localhost;
location /api/ {
proxy_pass http://www.my-api.com;
}
location /some-path/ {
disable_symlinks off;
root /var/www;
index index.html;
}
}
}
But now www.my-api.com
is an https endpoint.但是现在
www.my-api.com
是一个 https 端点。
What adjustments do I need to make to my nginx config, in order to forward my localhost requests to the HTTPS backend?我需要对我的 nginx 配置进行哪些调整,以便将我的 localhost 请求转发到 HTTPS 后端?
The config below listens on localhost port 8080 and redirects to https://www.my-api.com .下面的配置侦听本地主机端口 8080 并重定向到https://www.my-api.com 。 Since the API is accessible on port 443, it should include the SSL certification check.
由于 API 可在端口 443 上访问,因此它应包括 SSL 认证检查。
http {
include /etc/nginx/mime.types;
disable_symlinks off;
server {
disable_symlinks off;
listen 8080;
server_name localhost;
location /api/ {
proxy_pass https://www.my-api.com;
proxy_http_version 1.1;
proxy_cache_bypass $http_upgrade;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Port $server_port;
}
location /some-path/ {
disable_symlinks off;
root /var/www;
index index.html;
}
}
} }
Below is the server section that works for me.以下是对我有用的服务器部分。 @Jay Achar got me close, and to be honest there are a few things I should try in order to simplify the config.
@Jay Achar 让我很接近,老实说,为了简化配置,我应该尝试一些事情。 I added the following lines:-
我添加了以下几行:-
ssl_client_certificate /etc/ssl/certs/ca-certificates.crt;
proxy_set_header X-SSL-CERT $ssl_client_escaped_cert;
proxy_ssl_server_name on;
I also found that I had the proxied host name incorrect.我还发现我的代理主机名不正确。 In my case the
www.
在我的情况下,
www.
on the front was not right.前面不对。 I suspect that the host's certificate doesn't match with
www
in there.我怀疑主机的证书与那里的
www
不匹配。 Perhaps just using @Jay Achar's answer with the correct remote host name would be all one would need.也许只需将@Jay Achar 的答案与正确的远程主机名一起使用就足够了。
The /etc/ssl/certs/ca-certificates.crt
comes from my openssl. /etc/ssl/certs/ca-certificates.crt
来自我的 openssl。 I figured it would be suitable as client certificate to send to the proxied host.我认为它适合作为客户端证书发送到代理主机。
The only other change I made to @Jay Achar's config was in the lines我对@Jay Achar 的配置所做的唯一其他更改是在行中
proxy_set_header Host $proxy_host;
proxy_set_header X-Real-IP $upstream_addr;
Again, perhaps those changes were not necessary.同样,也许这些改变是不必要的。
server {
disable_symlinks off;
listen 8080;
server_name pb.localhost;
ssl_client_certificate /etc/ssl/certs/ca-certificates.crt;
location /api {
proxy_pass https://my-api.com:443;
proxy_ssl_server_name on;
proxy_http_version 1.1;
proxy_cache_bypass $http_upgrade;
proxy_set_header X-SSL-CERT $ssl_client_escaped_cert;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $proxy_host;
proxy_set_header X-Real-IP $upstream_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Port $server_port;
}
location /some-path/ {
disable_symlinks off;
root /var/www;
index index.html;
}
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.