Select Page

Linux 利用Nginx反代并部署https 方法

Linux 利用Nginx反代并部署https 方法

反向代理服务器架设在服务器端,通过缓冲经常被请求的页面来缓解服务器的工作量,将客户机请求转发给内部网络上的目标服务器;并将从服务器上得到的结果返回给Internet上请求连接的客户端,此时代理服务器与目标主机一起对外表现为一个服务器。

 

现在许多大型web网站都用到反向代理。除了可以防止外网对内网服务器的恶性攻击、缓存以减少服务器的压力和访问安全控制之外,还可以进行负载均衡,将用户请求分配给多个服务器。

Nginx作为近年来较火的反向代理服务器,安装在目的主机端,主要用于转发客户机请求,后台有多个http服务器提供服务,nginx的功能就是把请求转发给后面的服务器,决定哪台目标主机来处理当前请求。下面以反代google.com演示如何进行Nginx配置。

配置文件
根据自己的情况更换路径
vim /usr/local/nginx/conf/vhost/example.com.conf
HTTP配置参考
根据自己的情况更换路径

server
{
listen 80;
server_name www.example.com;

if ($http_user_agent ~* (baiduspider|360spider|haosouspider|googlebot|soso|bing|sogou|yahoo|sohu-search|yodao|YoudaoBot|robozilla|msnbot|MJ12bot|NHN|Twiceler)) {
return 403;
}

location / {
sub_filter www.google.com www.example.com;
sub_filter_once off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Referer http://www.google.com;
proxy_set_header Host www.google.com;
proxy_pass http://www.google.com;
proxy_set_header Accept-Encoding "";
}
}

HTTPS配置参考

server
{
listen 80;
listen 443 ssl;
ssl on;
ssl_certificate /root/ssl.crt;
ssl_certificate_key /root/ssl.key;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
server_name www.example.com;
add_header Strict-Transport-Security "max-age=31536000";

if ( $scheme = http ){
return 301 https://$server_name$request_uri;
}

if ($http_user_agent ~* (baiduspider|360spider|haosouspider|googlebot|soso|bing|sogou|yahoo|sohu-search|yodao|YoudaoBot|robozilla|msnbot|MJ12bot|NHN|Twiceler)) {
return 403;
}

location / {
sub_filter www.google.com www.example.com;
sub_filter_once off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Referer https://www.google.com;
proxy_set_header Host www.google.com;
proxy_pass https://www.google.com;
proxy_set_header Accept-Encoding "";
}
}

参数解释

server_name 域名;

sub_filter 被反代的域名 域名;

proxy_set_header Referer http://被反代的域名;

proxy_set_header Host 被反代的域名;

proxy_pass http://被反代的域名;

ssl_certificate SSL证书路径;
ssl_certificate_key SSL证书密钥路径;

if ( $scheme = http ){
return 301 https://$server_name$request_uri;
}

#Nginx强制https 301跳转

if ($http_user_agent ~* (baiduspider|360spider|haosouspider|googlebot|soso|bing|sogou|yahoo|sohu-search|yodao|YoudaoBot|robozilla|msnbot|MJ12bot|NHN|Twiceler)) {
return 403;
}

#屏蔽搜索引擎的收录

重启Nginx
lnmp nginx restart
参考链接

关于作者

Jackie Sung

Jackie Sung, also known by his nick-name KK, always strives for the best and learn from the best. Influenced by the age of Internet, for the last few years, in his spare time, he's been working and living as a Freelance Web Engineer/ Web Developer & Designer/ Amateur Photographer/ Husky Lover. The work he provides is of highest quality, fully-customized responsive, and tested in a wide range of devices, which typically covers both front-end (HTML5/ CSS3/ JavaScript) and back-end (WordPress as the CMS) responsibilities.

留下你的评论

电子邮件地址不会被公开。 必填项已用*标注

7 − 2 =

Pin It on Pinterest

Share This