如何使用HttpSubsModule纠正Nginx反向代理
如何使用HttpSubsModule纠正Nginx反向代理
提问于 2014-10-31 15:47:15
我正在努力使我的网站使用我自己的域名与SSL/https(https://example.com),并显示我的Tumblr博客没有Tumblr URL(example.tumblr.com)。
Nginx和/etc/nginx/HttpSubsModule-available/reverse-proxy中添加了站点(由姚伟斌提供支持),并提供了以下功能:
server
{
listen 443;
server_name example.com;
ssl on;
ssl_certificate /root/example_com.crt;
ssl_certificate_key /root/example.key;
ssl_protocols SSLv3 TLSv1;
ssl_ciphers ALL:-ADH:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP;
location / {
subs_filter_types text/html text/css text/xml;
subs_filter example.tumblr.com example.com g;
proxy_redirect http://example.tumblr.com/ /;
proxy_redirect off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host "example.tumblr.com";
proxy_set_header Accept-Encoding "";
proxy_pass http://example.tumblr.com;
}
}
server
{
listen 80;
server_name example.com;
rewrite ^(.*) https://example.com/$1 permanent;
}2出现问题:1加载https://example.com时检测到Chrome签名的混合内容,2单击任何图像时未找到2404。
你知道我做错了什么吗?非常感谢。
回答 1
Stack Overflow用户
发布于 2016-01-08 05:04:12
该网站能够按照如下配置正常工作:
server {
listen 443 ssl spdy;
server_name example.org;
ssl on;
ssl_certificate /etc/nginx/ssl/example_org.crt;
ssl_certificate_key /etc/nginx/ssl/example_org.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload;";
ssl_prefer_server_ciphers on;
ssl_dhparam /etc/nginx/ssl/certs/dhparam.pem;
ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4";
keepalive_timeout 70;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
location / {
subs_filter_types text/css text/xml application/xhtml+xml application/xml;
subs_filter 'example.tumblr.com' 'example.org' g;
subs_filter 'http:' 'https:' g;
proxy_set_header Accept-Encoding "";
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host "example.tumblr.com";
proxy_pass http://example.tumblr.com;
proxy_ssl_session_reuse on;
proxy_cache_key "$scheme://$host$request_uri";
proxy_cache cache_one;
proxy_cache_valid 200 304 3h;
proxy_cache_valid 301 1d;
proxy_cache_valid any 10s;
}
}
server {
listen 80;
server_name example.org www.example.org;
location / {
return 301 https://$host$request_uri;
}
}
server {
listen 443;
server_name www.example.org;
return 301 https://example.org$request_uri;
}
server {
listen 80;
server_name 178.60.000.00;
return 301 https://example.org$request_uri;
}在这种情况下,请注意代码subs_filter 'http:' 'https:' g;,它是成功配置代理保留的关键代码。
页面原文内容由Stack Overflow提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:
https://stackoverflow.com/questions/26669711
复制相关文章
相似问题
腾讯云开发者
