stream代理
本地80代理到192.168.0.111:8081
1
2
3
4
5
6
7
8
9
10
11
|
stream {
server {
listen 80;
proxy_pass shterm;
}
upstream shterm {
server 192.168.0.111:8081;
}
}
|
https ssl 代理示例
将本地443代理到test.mulinux.com:8080
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
|
#http {
# upstream test.mulinux.com {
# server test.mulinux.com:8080;
# }
server {
listen 443 ssl;
server_name test.mulinux.com;
ssl_certificate /mds/nginx/cert/server.crt;
ssl_certificate_key /mds/nginx/cert/server.key;
#ssl_client_certificate /etc/ssl/certs/ca.crt;
ssl_verify_client off;
location / {
proxy_pass https://test.mulinux.com:8080/;
proxy_redirect off;
}
}
}
|
proxy_pass + upstream
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
|
http {
upstream mulinux_com {
server blog.mulinux.com;
server www.mulinux.com;
}
server {
listen 8080;
listen [::]:8081 ipv6only=on;
listen 8080 ssl;
listen [::]:8081 ssl ;
server_name localhost;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
ssl_certificate /usr/local/nginx/cert/mulinux.crt;
ssl_certificate_key /usr/local/nginx/cert/mulinux.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
proxy_pass http://mulinux_com;
}
}
}
|
参考: https://docs.nginx.com/nginx/admin-guide/security-controls/securing-http-traffic-upstream/