SSL NGINX + SSL IIS Update

Мисбах-Соловьëв Вадим mva mva.name
14 11:33:17 UTC 2011


,    (  , ,       ),    -  . ,  .
     -            ӣ   .

   
On  14  2011 18:14:03 KRAT, Fixid <nginx-forum  nginx.us> wrote:

> ,    
>  :
> 
> - - [14/Nov/2011:12:04:53 +0300] "GET / HTTP/1.1" 302 154 "-"
> "Mozilla/5.0 (Windows NT 5.1; rv:8.0) Gecko/20100101 Firefox/8.0" "-"
> - - [14/Nov/2011:12:04:58 +0300] "-" 400 0 "-" "-" "-"
> - - [14/Nov/2011:12:05:20 +0300] "GET / HTTP/1.1" 200 4142 "-"
> "Mozilla/5.0 (Windows NT 5.1; rv:8.0) Gecko/20100101 Firefox/8.0" "-"
> 
> - - [14/Nov/2011:13:12:14 +0300] "-" 400 0 "-" "-" "-"
> - - [14/Nov/2011:13:12:37 +0300] "GET / HTTP/1.1" 200 4144 "-"
> "Mozilla/5.0 (Windows NT 5.1; rv:8.0) Gecko/20100101 Firefox/8.0" "-"
> 
> - - [14/Nov/2011:12:04:53 +0300] "GET / HTTP/1.1" 302 154 "-"
> "Mozilla/5.0 (Windows NT 5.1; rv:8.0) Gecko/20100101 Firefox/8.0" "-"
> - - [14/Nov/2011:12:04:58 +0300] "-" 400 0 "-" "-" "-"
> - - [14/Nov/2011:12:05:20 +0300] "GET / HTTP/1.1" 200 4142 "-"
> "Mozilla/5.0 (Windows NT 5.1; rv:8.0) Gecko/20100101 Firefox/8.0" "-"
> 
> 2011/11/14 14:02:24 [crit] 11819#0: *26 rename() "/var/www/0000000013"
> to "/var/www/" failed (20: Not a directory) while reading upstream,
> client: 111.222.333.444, server: www.test.com, request: "GET /
> HTTP/1.1", upstream: "https://IIS:500/", host: "www.test.com"
> 
>     
>  ,    
>  .
>      
>  ?     
>   .
> IIS  Win2008
> 
> nginx.conf:
> 
> user  nginx;
> worker_processes  4;
> worker_rlimit_nofile 100000;
> timer_resolution 100ms;
> 
> 
> error_log   /var/log/nginx/error.log;
> #error_log  /var/log/nginx/error.log  notice;
> #error_log  /var/log/nginx/error.log  info;
> 
> pid        /var/run/nginx.pid;
> 
> 
> events {
>     worker_connections  5024;
>     use epoll;
> }
> 
> 
> http {
>     include       /etc/nginx/mime.types;
>     default_type  application/octet-stream;
> 
>     log_format  main  '$remote_addr - $remote_user [$time_local]
> "$request" '
>                       '$status $body_bytes_sent "$http_referer" '
>                       '"$http_user_agent" "$http_x_forwarded_for"';
> 
>     access_log  /var/log/nginx/access.log  main;
> 
>     sendfile        on;
>     tcp_nopush      on;
>     tcp_nodelay     on;
>     server_tokens   off;
>     gzip            on;
>     gzip_static     on;
>     gzip_comp_level 5;
>     gzip_min_length 1024;
>     keepalive_timeout  25;
>     limit_zone   myzone  $binary_remote_addr  10m;
> 
>     # Load config files from the /etc/nginx/conf.d directory
>     include /etc/nginx/conf.d/*.conf;
> 
>     server {
>         listen 80 default;
>         rewrite ^ https://www.test.com/;
>     }
> }
> 
> #
> # HTTPS server configuration
> #
> upstream backend-secure {
>   server www.test.com:443;
>   }
> 
> server {
>     listen       443 default;
>     server_name  www.test.com ;
>     server_tokens off;
>     ##########################
>     #  GZIP
>     ##########################
>     gzip             on;
>     gzip_min_length  15;
>     gzip_buffers 16 8k;
>     gzip_proxied     any;
>     gzip_disable     "msie6";
>     gzip_comp_level  5;
>     #########################
>     #  SSL
>     #########################
>     keepalive_timeout 60s;
>     sendfile        on;
>     tcp_nodelay on;
>     expires 10s; #  
>     ssl                  on;
>     ssl_certificate      /etc/nginx/conf.d/certificate.cer;
>     ssl_certificate_key  /etc/nginx/conf.d/rsa.key;
> 
>     ssl_session_cache    shared:SSL:10m;
>     ssl_session_timeout  20m;
> 
>     ssl_protocols  SSLv2 SSLv3 TLSv1;
>     ssl_ciphers 
> ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
>     ssl_prefer_server_ciphers   on;
> 
>     if ($host = "test.com" ) {
>     rewrite ^ https://www.test.com/;
> }
>     location / {
>         proxy_pass https://IIS:500/;
>         proxy_redirect off;
>         proxy_ignore_client_abort off;
>         proxy_connect_timeout 600;
>         proxy_send_timeout 600;
>         proxy_read_timeout 600;
>         proxy_ignore_headers Expires Cache-Control;
>         proxy_hide_header Vary;
>         proxy_ssl_session_reuse on;
>         proxy_set_header Host $host;
>         proxy_set_header X-Real-IP $remote_addr;
>         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
>         #   
>         proxy_store on;
>         proxy_store_access user:rw group:rw all:r;
>         proxy_temp_path /var/www/;
>         root /var/www/;
>         ########################
>         # proxy
>         #######################
>         #proxy_cache on;
>     }
> 
>     #######################
>     #  Statistic
>     #######################
>     location = /stat {
>         stub_status on;
>         access_log  off;
>         allow 111.222.333.444;
>         deny all;
>     }
> }
> 
> Posted at Nginx Forum:
> http://forum.nginx.org/read.php?21,218301,218301#msg-218301
> 
> _______________________________________________
> nginx-ru mailing list
> nginx-ru  nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx-ru

-- 
 ,
mva



nginx-ru