reverse proxy HTTP->HTTPS

Kostya Alexandrov koticka at mail.ru
Fri May 30 21:50:51 MSD 2008


You need to setup second server section, where you should configure ssl 
and copy your location(s),
"servers" part of my config looks like, where server.conf contains 
locations:

server {
server_name xxxxxxxxxxxxxxxx;


listen zzzzzz:80;
access_log /data01/www/trading/logs/access_log.nossl;

error_log /data01/www/trading/logs/error_log.nginx warn;

include conf/server.conf;

}

server {
listen zzzzz:443;
server_name xxxxxxxxxxxxxxxxxxxxxx;

ssl on;
ssl_certificate /usr/local/nginx/conf/ssl.cert/server.cert;
ssl_certificate_key /usr/local/nginx/conf/ssl.key/server.key.unsecure;

ssl_session_cache shared:TRADING:150m;
ssl_session_timeout 10m;

access_log /data01/www/trading/logs/access_log.ssl;

error_log /data01/www/trading/logs/error_log.nginx warn;

include conf/server.conf;

}



dm.dv at cia.com wrote:
> Hi ALL!
>
> Sorry for my silly question. I’m tying to set up NGINX as a reverse 
> proxy to translate HTTP->HTTPS.
> Frontend (NGINX) and Backend (Sun Webserver 7.0) are situated at 
> different servers.
> HTTP->HTTP work without any problem, but I cannot make works 
> HTTP->HTTPS (if it is possible at all).
> OS: sun solaris 10 (sparc). Could you please tell me what I’m doing 
> WRONG.
>
> Thank you for your help.
> My configuration:
> ---------------------------------------
> user nginx;
> worker_processes 2;
>
> error_log logs/error.log;
> error_log logs/error.log notice;
>
> pid logs/nginx.pid;
>
>
> events {
> worker_connections 256;
> }
>
>
> http {
> include mime.types;
> default_type application/octet-stream;
>
> log_format main '$remote_addr - $remote_user [$time_local] $request '
> '"$status" $body_bytes_sent "$http_referer" '
> '"$http_user_agent" "$http_x_forwarded_for"';
>
> access_log logs/access.log main;
>
> sendfile on;
> tcp_nopush on;
>
> keepalive_timeout 65;
> #gzip on;
>
> server {
> listen 80;
> server_name wm1.idc.eng.domain.ca;
>
> access_log logs/wm1.access.log main;
> error_log logs/wm1.error.log debug;
>
> location / {
> proxy_pass https://wmail1.prod.domain.ca;
> proxy_redirect default;
>
> proxy_set_header Host $host;
> proxy_set_header X-Real-IP $remote_addr;
> proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
>
> client_max_body_size 10m;
> client_body_buffer_size 128k;
>
> client_body_temp_path /var/nginx/client_body_temp;
>
> proxy_connect_timeout 90;
> proxy_send_timeout 90;
> proxy_read_timeout 90;
> #proxy_send_lowat 12000;
>
> proxy_buffer_size 4k;
> proxy_buffers 4 32k;
> proxy_busy_buffers_size 64k;
> proxy_temp_file_write_size 64k;
>
> proxy_temp_path /var/nginx/proxy_temp;
>
> }
>
> }
>
> }
>
>
>





More information about the nginx-ru mailing list