目录

Nginx 代理示例

stream代理

本地80代理到192.168.0.111:8081

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
stream {
    server {
        listen 80;
        proxy_pass shterm;
    }

    upstream shterm {
        server 192.168.0.111:8081;
    }

}

https ssl 代理示例

将本地443代理到test.mulinux.com:8080

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
#http {
#    upstream test.mulinux.com {
#        server test.mulinux.com:8080;
#   }

    server {
        listen      443 ssl;
        server_name test.mulinux.com;

        ssl_certificate        /mds/nginx/cert/server.crt;
        ssl_certificate_key    /mds/nginx/cert/server.key;
        #ssl_client_certificate /etc/ssl/certs/ca.crt;
        ssl_verify_client      off;

        location / {
            proxy_pass https://test.mulinux.com:8080/;
            proxy_redirect off;
        }
    }
}

proxy_pass + upstream

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
http {
   upstream mulinux_com {
       server blog.mulinux.com;
       server www.mulinux.com;
   }

   server {
        listen       8080;
        listen [::]:8081 ipv6only=on;
        listen       8080 ssl;
        listen [::]:8081 ssl ;
        server_name  localhost;

            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;


        ssl_certificate /usr/local/nginx/cert/mulinux.crt;
        ssl_certificate_key /usr/local/nginx/cert/mulinux.key;
        ssl_session_cache    shared:SSL:1m;
        ssl_session_timeout  5m;

        ssl_ciphers  HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers  on;

        location / {
           proxy_pass http://mulinux_com;
        }
    }
}

参考: https://docs.nginx.com/nginx/admin-guide/security-controls/securing-http-traffic-upstream/