Nginx 反向代理简单使用

Scroll Down

部署了自己的新博客, 已备案, 支持Https 协议, 欢迎光临!

Nginx 反向代理简单使用

简介

需求

  • Nginx 下载安装
  • 配置80代理8090
  • 配置http转https

准备

  • Ubuntu:16+
  • 域名
  • SSL证书

Nginx 下载安装

1. 安装gcc g++的依赖库

apt-get install build-essential
apt-get install libtool

2. 安装pcre依赖库

sudo apt-get update
sudo apt-get install libpcre3 libpcre3-dev

3.安装zlib依赖库

apt-get install zlib1g-dev

4.安装ssl依赖库

apt-get install openssl

5.安装Nginx

apt-get install nginx

配置80代理8090

1.前提条件

  • 服务器域名已备案
  • 域名解析到服务器
  • 申请相关SSL证书
  • 下载证书

2. 配置SSL证书

一下路径都是博主的路径, 仅供参考

# 进入 /etc/nginx/
cd /etc/nginx
# 新建文件夹cert
mkdir cert
# 将证书放入文件夹下
# 推荐上传工具 xftp/ finalshell
# 配置nginx.conf 路径不变
vi nginx.conf
# 如果不配https 没有ssl证书 在配置文件中添加以下内容即可
# 注释的部分取消注释, 将下面第四行删除即可
server {
                listen 80;
                server_name www.iscolt.com;  #将example.cn修改成自己的域名
                rewrite ^(.*)$ https://$host$1 permanent; # 把http的域名请求转成https
                #location / {
                #       rewrite ^/(.*)$ /$1 break;
                #       proxy_redirect off;
                #       proxy_set_header Host $host;
                #       proxy_set_header X-Real-IP $remote_addr;
                #       proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                #       proxy_pass http://127.0.0.1:8090; #因为Docker将Halo映射到8090端口,所以我们需要转发到8090>端口
                #}
        }
server {
                listen 443;
                server_name www.iscolt.com; #填写绑定证书的域名
                ssl on;
                ssl_certificate cert/1_www.iscolt.com_bundle.crt;
                ssl_certificate_key cert/2_www.iscolt.com.key;
                ssl_session_timeout 5m;
                ssl_protocols TLSv1 TLSv1.1 TLSv1.2; #按照这个协议配置
                ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;#按照这个套件配置
                ssl_prefer_server_ciphers on;
                
                location / {
                        proxy_pass http://www.iscolt.com:8090; #因为Docker将Halo映射到8090端口,所以我们需要转发到8090端口
                }

                location /admin {
                        proxy_pass http://www.iscolt.com:8090/admin; #后台管理
                }
        }

3. 附: 博主的nginx.conf

user www-data;
worker_processes auto;
pid /run/nginx.pid;

events {
        worker_connections 768;
        # multi_accept on;
}

http {

        ##
        # Basic Settings
        ##

        sendfile on;
        tcp_nopush on;
        tcp_nodelay on;
        keepalive_timeout 65;
        types_hash_max_size 2048;
        # server_tokens off;

        # server_names_hash_bucket_size 64;
        # server_name_in_redirect off;

#include /etc/nginx/mime.types;
#default_type application/octet-stream;

        ##
        # SSL Settings
        ##

        ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
        ssl_prefer_server_ciphers on;

        ##
        # Logging Settings
        ##

        access_log /var/log/nginx/access.log;
        error_log /var/log/nginx/error.log;

        ##
        # Gzip Settings
        ##

        gzip on;
        gzip_disable "msie6";

        # gzip_vary on;
        # gzip_proxied any;
        # gzip_comp_level 6;
        # gzip_buffers 16 8k;
        # gzip_http_version 1.1;
        # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

        ##
        # Virtual Host Configs
        ##

        #include /etc/nginx/conf.d/*.conf;
        #include /etc/nginx/sites-enabled/*;

        server {
                listen 80;
                server_name www.iscolt.com;  #将example.cn修改成自己的域名
                rewrite ^(.*)$ https://$host$1 permanent; # 把http的域名请求转成https
                #location / {
                #       rewrite ^/(.*)$ /$1 break;
                #       proxy_redirect off;
                #       proxy_set_header Host $host;
                #       proxy_set_header X-Real-IP $remote_addr;
                #       proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                #       proxy_pass http://127.0.0.1:8090; #因为Docker将Halo映射到8090端口,所以我们需要转发到8090>端口
                #}
        }

        server {
                listen 443;
                server_name www.iscolt.com; #填写绑定证书的域名
                ssl on;
                ssl_certificate cert/1_www.iscolt.com_bundle.crt;
                ssl_certificate_key cert/2_www.iscolt.com.key;
                ssl_session_timeout 5m;
                ssl_protocols TLSv1 TLSv1.1 TLSv1.2; #按照这个协议配置
                ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;#按照这个套件配置
                ssl_prefer_server_ciphers on;
                
                location / {
                        proxy_pass http://www.iscolt.com:8090; #因为Docker将Halo映射到8090端口,所以我们需要转发到8090端口
                }

                location /admin {
                        proxy_pass http://www.iscolt.com:8090/admin; #后台管理
                }
        }

}

#mail {
#       # See sample authentication script at:
#       # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
# 
#       # auth_http localhost/auth.php;
#       # pop3_capabilities "TOP" "USER";
#       # imap_capabilities "IMAP4rev1" "UIDPLUS";
# 
#       server {
#               listen     localhost:110;
#               protocol   pop3;
#               proxy      on;
#       }
# 
#       server {
#               listen     localhost:143;
#               protocol   imap;
#               proxy      on;
#       }
#}

完结

官方文档: 地址

参考地址: 地址 地址 地址

成功案列: 地址

如有问题, 可以联系博主, 留言评论

支付宝 微信