Select Page

Linux 利用Nginx反代并部署https 方法

Linux 利用Nginx反代并部署https 方法

反向代理服务器架设在服务器端,通过缓冲经常被请求的页面来缓解服务器的工作量,将客户机请求转发给内部网络上的目标服务器;并将从服务器上得到的结果返回给Internet上请求连接的客户端,此时代理服务器与目标主机一起对外表现为一个服务器。

 

现在许多大型web网站都用到反向代理。除了可以防止外网对内网服务器的恶性攻击、缓存以减少服务器的压力和访问安全控制之外,还可以进行负载均衡,将用户请求分配给多个服务器。

Nginx作为近年来较火的反向代理服务器,安装在目的主机端,主要用于转发客户机请求,后台有多个http服务器提供服务,nginx的功能就是把请求转发给后面的服务器,决定哪台目标主机来处理当前请求。下面以反代google.com演示如何进行Nginx配置。

配置文件
根据自己的情况更换路径
vim /usr/local/nginx/conf/vhost/example.com.conf
HTTP配置参考
根据自己的情况更换路径

server
{
listen 80;
server_name www.example.com;

if ($http_user_agent ~* (baiduspider|360spider|haosouspider|googlebot|soso|bing|sogou|yahoo|sohu-search|yodao|YoudaoBot|robozilla|msnbot|MJ12bot|NHN|Twiceler)) {
return 403;
}

location / {
sub_filter www.google.com www.example.com;
sub_filter_once off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Referer http://www.google.com;
proxy_set_header Host www.google.com;
proxy_pass http://www.google.com;
proxy_set_header Accept-Encoding "";
}
}

HTTPS配置参考

server
{
listen 80;
listen 443 ssl;
ssl on;
ssl_certificate /root/ssl.crt;
ssl_certificate_key /root/ssl.key;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
server_name www.example.com;
add_header Strict-Transport-Security "max-age=31536000";

if ( $scheme = http ){
return 301 https://$server_name$request_uri;
}

if ($http_user_agent ~* (baiduspider|360spider|haosouspider|googlebot|soso|bing|sogou|yahoo|sohu-search|yodao|YoudaoBot|robozilla|msnbot|MJ12bot|NHN|Twiceler)) {
return 403;
}

location / {
sub_filter www.google.com www.example.com;
sub_filter_once off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Referer https://www.google.com;
proxy_set_header Host www.google.com;
proxy_pass https://www.google.com;
proxy_set_header Accept-Encoding "";
}
}

参数解释

server_name 域名;

sub_filter 被反代的域名 域名;

proxy_set_header Referer http://被反代的域名;

proxy_set_header Host 被反代的域名;

proxy_pass http://被反代的域名;

ssl_certificate SSL证书路径;
ssl_certificate_key SSL证书密钥路径;

if ( $scheme = http ){
return 301 https://$server_name$request_uri;
}

#Nginx强制https 301跳转

if ($http_user_agent ~* (baiduspider|360spider|haosouspider|googlebot|soso|bing|sogou|yahoo|sohu-search|yodao|YoudaoBot|robozilla|msnbot|MJ12bot|NHN|Twiceler)) {
return 403;
}

#屏蔽搜索引擎的收录

重启Nginx
lnmp nginx restart
参考链接

About The Author

Jackie Sung

Jackie Sung, also known by his nick-name KK, always strives for the best and learn from the best. Influenced by the age of Internet, for the last few years, in his spare time, he's been working and living as a Freelance Web Engineer/ Web Developer & Designer/ Amateur Photographer/ Husky Lover. The work he provides is of highest quality, fully-customized responsive, and tested in a wide range of devices, which typically covers both front-end (HTML5/ CSS3/ JavaScript) and back-end (WordPress as the CMS) responsibilities.

5 Comments

  1. power up premium

    Wow that was odd. I just wrote an incredibly long comment but after I clicked submit my comment didn't show up.
    Grrrr... well I'm not writing all that over again. Regardless,
    just wanted to say wonderful blog!

    回复
  2. Member XXL cosa incide sull'efficacia

    It's the best time to make some plans for the future and
    it is time to be happy. I've read this put up and if I may I desire to recommend you some interesting things
    or suggestions. Perhaps you could write next articles
    regarding this article. I want to learn more things approximately it!

    回复
  3. agrandamiento de pene

    Hi, i read your blog occasionally and i own a similar one and i was just wondering
    if you get a lot of spam feedback? If so how do you protect against it, any plugin or anything you can recommend?
    I get so much lately it's driving me insane so any help is very much appreciated.

    回复

Leave a reply

电子邮件地址不会被公开。 必填项已用*标注

2 × 3 =

Pin It on Pinterest

Share This