Nginx配置https访问代理与ssl自签名证书

2023-10-10  本文已影响0人  Eren_Jaeger

Nginx的详细配置我不具体介绍了,此文章适合对nginx配置有所了解、但不太清楚详细配置的朋友会有所帮助。接下来直接上我的配置文件:

server {
  #当有来自外界访问12123端口时
  listen 12123 ssl;
  charset utf-8;
  # 写你的域名
  server_name eren.demo.com;

  server_tokens off;
  #配置证书的地址,可以写相对路径和绝对路径
  ssl_certificate cert/demo.crt;
  ssl_certificate_key cert/demo.key;

  ssl_session_timeout 1d;
  ssl_session_cache shared:MozSSL:10m;
  ssl_session_tickets off;
  ssl_protocols TLSv1.2 TLSv1.3;
  ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
  ssl_prefer_server_ciphers off;
  #限制文件传输最大为4G
  client_max_body_size 4096m;
    
  location / {
    # _ 代表为空
    root _;
    index _;
    #代理到http://192.168.0.1
    proxy_pass http://192.168.0.1;
    proxy_http_version 1.1;
    proxy_buffering off;
    proxy_request_buffering off;
    #将http请求升级为websocket连接
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    
    #显示客户端真实IP
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-For $remote_addr;
  }
}
上一篇下一篇

猜你喜欢

热点阅读