如何配置 localhost nginx 来代理 https 远程后端
[英]How do I configure localhost nginx to proxy https remote backend
问题描述
I am developing a web UI frontend in JS, for a backend API that is now using HTTPS.
我正在用 JS 开发 Web UI 前端,用于现在使用 HTTPS 的后端 API。 The following nginx config on my development machine was all I needed:我的开发机器上的以下 nginx 配置就是我所需要的:
http {
include /etc/nginx/mime.types;
disable_symlinks off;
server {
disable_symlinks off;
listen 8080;
server_name localhost;
location /api/ {
proxy_pass http://www.my-api.com;
}
location /some-path/ {
disable_symlinks off;
root /var/www;
index index.html;
}
}
}
But now www.my-api.com is an https endpoint.但是现在www.my-api.com是一个 https 端点。
What adjustments do I need to make to my nginx config, in order to forward my localhost requests to the HTTPS backend?我需要对我的 nginx 配置进行哪些调整,以便将我的 localhost 请求转发到 HTTPS 后端?
2 个解决方案
解决方案1
0 2020-11-02 12:47:43
The config below listens on localhost port 8080 and redirects to https://www.my-api.com .下面的配置侦听本地主机端口 8080 并重定向到https://www.my-api.com 。 Since the API is accessible on port 443, it should include the SSL certification check.由于 API 可在端口 443 上访问,因此它应包括 SSL 认证检查。
http {
include /etc/nginx/mime.types;
disable_symlinks off;
server {
disable_symlinks off;
listen 8080;
server_name localhost;
location /api/ {
proxy_pass https://www.my-api.com;
proxy_http_version 1.1;
proxy_cache_bypass $http_upgrade;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Port $server_port;
}
location /some-path/ {
disable_symlinks off;
root /var/www;
index index.html;
}
}
} }
解决方案2
0 已采纳 2020-11-03 02:19:07
Below is the server section that works for me.以下是对我有用的服务器部分。 @Jay Achar got me close, and to be honest there are a few things I should try in order to simplify the config. @Jay Achar 让我很接近,老实说,为了简化配置,我应该尝试一些事情。 I added the following lines:-我添加了以下几行:-
ssl_client_certificate /etc/ssl/certs/ca-certificates.crt;
proxy_set_header X-SSL-CERT $ssl_client_escaped_cert;
proxy_ssl_server_name on;
I also found that I had the proxied host name incorrect.我还发现我的代理主机名不正确。 In my case the www.在我的情况下, www. on the front was not right.前面不对。 I suspect that the host's certificate doesn't match with www in there.我怀疑主机的证书与那里的www不匹配。 Perhaps just using @Jay Achar's answer with the correct remote host name would be all one would need.也许只需将@Jay Achar 的答案与正确的远程主机名一起使用就足够了。
The /etc/ssl/certs/ca-certificates.crt comes from my openssl. /etc/ssl/certs/ca-certificates.crt来自我的 openssl。 I figured it would be suitable as client certificate to send to the proxied host.我认为它适合作为客户端证书发送到代理主机。
The only other change I made to @Jay Achar's config was in the lines我对@Jay Achar 的配置所做的唯一其他更改是在行中
proxy_set_header Host $proxy_host;
proxy_set_header X-Real-IP $upstream_addr;
Again, perhaps those changes were not necessary.同样,也许这些改变是不必要的。
server {
disable_symlinks off;
listen 8080;
server_name pb.localhost;
ssl_client_certificate /etc/ssl/certs/ca-certificates.crt;
location /api {
proxy_pass https://my-api.com:443;
proxy_ssl_server_name on;
proxy_http_version 1.1;
proxy_cache_bypass $http_upgrade;
proxy_set_header X-SSL-CERT $ssl_client_escaped_cert;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $proxy_host;
proxy_set_header X-Real-IP $upstream_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Port $server_port;
}
location /some-path/ {
disable_symlinks off;
root /var/www;
index index.html;
}
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.