Re: Проксирование https-сайта
gadstwo@gmail.com
nginx-forum at nginx.us
Wed Dec 4 13:06:06 UTC 2013
Основной сайт:
DNS:
mysite.com xxx.xxx.xxx.56
my.mysite.com xxx.xxx.xxx.59
Apache:
# Backend Apache instance. It listens on the loopback address only, so it is
# reachable solely through the nginx front end on the same host
# (proxy_pass http://127.0.0.1:8080 in the nginx server blocks).
ServerName localhost
Listen 127.0.0.1:8080
# Name-based virtual hosting on port 8080: the Host header that nginx forwards
# selects which <VirtualHost> answers.
NameVirtualHost *:8080
# Main site vhost (mysite.com, www.mysite.com), served from public_front.
<VirtualHost *:8080>
ServerAdmin webmaster at mysite.com
DocumentRoot /home/mysite/publics/public_front
ServerName mysite.com
ServerAlias www.mysite.com
ErrorLog /var/log/httpd/mysite.com-error_log
# The "common" format logs the connecting peer, which behind nginx is 127.0.0.1.
# NOTE(review): the client address sent by nginx in X-Real-IP / X-Forwarded-For
# is not recorded unless a custom LogFormat or mod_rpaf / mod_remoteip is used - confirm.
CustomLog /var/log/httpd/mysite.com-access_log common
<Directory /home/mysite/publics/public_front>
# NOTE(review): "Options All" turns on every option except MultiViews, including
# ExecCGI, Includes and FollowSymLinks. Apache documents mixing an unsigned keyword
# (All) with a signed one (-Indexes) as invalid syntax, so verify the effective
# option set; an explicit minimal list is safer.
Options All -Indexes
# Any .htaccess under this tree may override configuration, including Options.
AllowOverride All
# Apache 2.2-style access control: every client is allowed.
Order allow,deny
Allow From All
</Directory>
</VirtualHost>
# Personal account area (my.mysite.com), served from public_my.
<VirtualHost *:8080>
ServerAdmin webmaster at mysite.com
DocumentRoot /home/mysite/publics/public_my
ServerName my.mysite.com
ErrorLog /var/log/httpd/my.mysite.com-error_log
# The "common" format logs the connecting peer (127.0.0.1 behind nginx), not the
# client address forwarded in X-Real-IP / X-Forwarded-For.
CustomLog /var/log/httpd/my.mysite.com-access_log common
<Directory /home/mysite/publics/public_my>
# NOTE(review): "Options All" enables ExecCGI, Includes and FollowSymLinks for the
# account area; combining it with "-Indexes" is documented by Apache as invalid
# syntax, so verify the effective option set.
Options All -Indexes
# Any .htaccess under this tree may override configuration, including Options.
AllowOverride All
# Apache 2.2-style access control: every client is allowed.
Order allow,deny
Allow From All
</Directory>
</VirtualHost>
Nginx:
# Plain-HTTP front end for the main site on the .56 address.
server {
listen xxx.xxx.xxx.56:80;
server_name www.mysite.com mysite.com *.mysite.com;
access_log /var/log/nginx/mysite.com.access.log main;
# Contents of this include are not shown in the post.
include "conf.d/redirect.default";
# Regex locations are tried in file order, so these deny rules take precedence
# over the static-file rule below for paths containing /.ht or /.svn.
location ~ /\.ht {
deny all;
}
location ~ /\.svn {
deny all;
}
# Static files are served by nginx directly from the Apache DocumentRoot.
# NOTE(review): requests matching these extensions never reach Apache, so
# .htaccess restrictions do not apply to them; the list includes archives
# (zip, gz, bz2, rar) and pdf, so anything of that kind left in the docroot is public.
location ~*
^.+\.(jpg|jpeg|gif|png|svg|js|css|mp3|ogg|mpe?g|avi|zip|gz|bz2?|rar|js|ico|gif|swf|flv|htm|htc|cur|pdf|ttf|woff|eot|swf)$
{
expires max;
root /home/mysite/publics/public_front;
}
# Everything else is proxied to the loopback Apache backend.
location / {
proxy_set_header Host $host;
# $proxy_add_x_forwarded_for appends the connecting address to whatever
# X-Forwarded-For the client sent; only the last entry is set by this proxy.
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# X-Real-IP is taken from the connection and replaces any client-supplied value.
proxy_set_header X-Real-IP $remote_addr;
proxy_pass http://127.0.0.1:8080;
}
}
# HTTPS front end for the main site on the .56 address.
server {
listen xxx.xxx.xxx.56:443;
server_name www.mysite.com mysite.com id.mysite.com;
# Legacy way to enable TLS; later nginx releases deprecate it in favour of
# the "ssl" parameter of listen.
ssl on;
ssl_certificate /etc/ssl/mysitewld.crt;
ssl_certificate_key /etc/ssl/mysite.key;
ssl_session_cache shared:SSL:10m;ssl_session_timeout 10m;
# NOTE(review): SSLv3 and TLS 1.0 are obsolete (SSLv3 is broken by POODLE);
# a current deployment should offer only TLSv1.2 and TLSv1.3.
ssl_protocols SSLv3 TLSv1;
# NOTE(review): this list offers RC4 and 3DES (DES-CBC3-SHA) and, with !DH and
# only static-ECDH suites, no forward secrecy. Prefer ECDHE suites with AEAD ciphers.
ssl_ciphers
AES128-SHA:RC4-SHA:AES256-SHA:DES-CBC3-SHA:ECDH-RSA-RC4-SHA:ECDH-ECDSA-RC4-SHA:!MD5:!ADH:!DH:!PSK:!SSLv2;
ssl_prefer_server_ciphers on;
access_log /var/log/nginx/ssl.mysite.com.access.log main;
# Contents of this include are not shown in the post.
include "conf.d/redirect.ssl.default";
# Regex locations are tried in file order, so these deny rules take precedence
# over the static-file rule below.
location ~ /\.ht {
deny all;
}
location ~ /\.svn {
deny all;
}
# Static files are served by nginx directly; .htaccess rules do not apply to them.
location ~*
^.+\.(jpg|jpeg|gif|png|svg|js|css|mp3|ogg|mpe?g|avi|zip|gz|bz2?|rar|js|ico|gif|swf|flv|htm|htc|cur|pdf|ttf|woff|eot|swf)$
{
expires max;
root /home/mysite/publics/public_front;
}
location / {
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr;
# Sent to the backend as a request header named "HTTPS" (a CGI/PHP backend sees
# it as HTTP_HTTPS). NOTE(review): the port-80 server blocks do not override this
# header, so a client-supplied value passes through there; the backend should not
# treat it as proof of TLS unless port 80 sets it to an empty value.
proxy_set_header HTTPS on;
proxy_pass http://127.0.0.1:8080;
}
# NOTE(review): this server block is not closed before the next "server {" in
# the post, and a spare "}" appears at the end of the mirror config - likely a
# paste slip; nginx rejects a nested server block.
# Plain-HTTP listener for the account area on the .59 address.
server {
listen xxx.xxx.xxx.59:80;
server_name my.mysite.com;
access_log /var/log/nginx/my.mysite.com.access.log main;
# The replacement starts with "https://", so nginx stops processing and returns
# a redirect (302, since no "permanent" flag is given) for every request; the
# location blocks below are therefore not reached.
# NOTE(review): the first request still travels in cleartext, and no
# Strict-Transport-Security header is set in the HTTPS block shown in this post.
rewrite ^(.*)$ https://my.mysite.com$1;
location ~ /\.ht {
deny all;
}
location ~*
^.+\.(jpg|jpeg|gif|png|svg|js|css|mp3|ogg|mpe?g|avi|zip|gz|bz2?|rar|js|ico|gif|swf|flv|htm|htc|cur|pdf|ttf|woff|eot|swf)$
{
expires max;
root /home/mysite/publics/public_my;
}
location / {
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr;
proxy_pass http://127.0.0.1:8080;
}
}
# HTTPS front end for the account area on the .59 address.
server {
listen xxx.xxx.xxx.59:443;
server_name my.mysite.com ;
# Legacy way to enable TLS; later nginx releases deprecate it in favour of
# the "ssl" parameter of listen.
ssl on;
# Same certificate and key files as the main-site HTTPS block.
ssl_certificate /etc/ssl/mysitewld.crt;
ssl_certificate_key /etc/ssl/mysite.key;
ssl_session_cache shared:SSL:10m;ssl_session_timeout 10m;
# NOTE(review): SSLv3 and TLS 1.0 are obsolete (SSLv3 is broken by POODLE);
# a current deployment should offer only TLSv1.2 and TLSv1.3.
ssl_protocols SSLv3 TLSv1;
# NOTE(review): this list offers RC4 and 3DES (DES-CBC3-SHA) and, with !DH and
# only static-ECDH suites, no forward secrecy. Prefer ECDHE suites with AEAD ciphers.
ssl_ciphers
AES128-SHA:RC4-SHA:AES256-SHA:DES-CBC3-SHA:ECDH-RSA-RC4-SHA:ECDH-ECDSA-RC4-SHA:!MD5:!ADH:!DH:!PSK:!SSLv2;
ssl_prefer_server_ciphers on;
access_log /var/log/nginx/ssl.my.mysite.com.access.log main;
# NOTE(review): unlike the main-site blocks, there is no deny rule for /.svn here.
location ~ /\.ht {
deny all;
}
# Static files are served by nginx directly from public_my; .htaccess rules do
# not apply to them, and the list includes archive and pdf extensions.
location ~*
^.+\.(jpg|jpeg|gif|png|svg|js|css|mp3|ogg|mpe?g|avi|zip|gz|bz2?|rar|js|ico|gif|swf|flv|htm|htc|cur|pdf|ttf|woff|eot)$
{
expires max;
root /home/mysite/publics/public_my;
}
location / {
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr;
# Sent to the backend as a request header named "HTTPS" (a CGI/PHP backend sees
# it as HTTP_HTTPS), not as the server's own HTTPS variable.
proxy_set_header HTTPS on;
proxy_pass http://127.0.0.1:8080;
}
}
Зеркало:
DNS:
mymirror.com y.y.y.154
my.mymirror.com y.y.y.155
nginx:
# Mirror host: plain-HTTP reverse proxy in front of www.mysite.com.
server {
listen yyy.yyy.yyy.154:80 ;
# Leading dot: matches mymirror.com and every subdomain.
server_name .mymirror.com;
access_log /var/log/nginx/mymirror.com.access.log;
error_log /var/log/nginx/mymirror.com.error.log;
# Serve a local file when one exists, otherwise fall through to the proxy.
location / {
root /var/www/mymirror.com;
try_files $uri @static;
}
location @static {
# Contents of this include are not shown in the post.
include 'mymirror.com.conf';
# Rewrites the domain attribute of Set-Cookie headers from the origin.
proxy_cookie_domain mysite.com mymirror.com;
# An empty value removes the header, so the origin is not asked for a compressed
# response (presumably so the body can be rewritten by the include - confirm).
proxy_set_header Accept-Encoding "";
proxy_set_header Host www.mysite.com;
# NOTE(review): the hop from mirror to origin is cleartext HTTP across the
# network, so cookies and request bodies are exposed on that path. No
# X-Forwarded-For / X-Real-IP is set in this block, so unless the include adds
# them the origin logs show only the mirror's address.
proxy_pass http://www.mysite.com;
# Rewrite Location headers that point at the origin so clients stay on the mirror.
proxy_redirect http://www.mysite.com http://mymirror.com;
proxy_redirect https://www.mysite.com https://mymirror.com;
}
}
# Mirror host: HTTPS reverse proxy in front of my.mysite.com.
server {
# NOTE(review): TLS is enabled here, but this server block has no
# ssl_certificate / ssl_certificate_key. Unless they are set at http level, the
# handshake cannot complete - consistent with the SSL connection error reported
# for my.mymirror.com. The include below sits inside a location, where these
# directives are not allowed, so it cannot supply them.
listen yyy.yyy.yyy.155:443 ssl;
server_name my.mymirror.com www.my.mymirror.com;
# Same log files as the mymirror.com server block; the default log format has no
# host field, so entries from the two hosts cannot be told apart.
access_log /var/log/nginx/mymirror.com.access.log;
error_log /var/log/nginx/mymirror.com.error.log;
# Serve a local file when one exists, otherwise fall through to the proxy.
location / {
root /var/www/my.mymirror.com;
try_files $uri @static;
}
location @static {
# Contents of this include are not shown in the post.
include 'my.mymirror.com.conf';
# Rewrites the domain attribute of Set-Cookie headers from the origin.
proxy_cookie_domain my.mysite.com my.mymirror.com;
# An empty value removes the header, so the origin is not asked for a compressed response.
proxy_set_header Accept-Encoding "";
proxy_set_header Host my.mysite.com;
# NOTE(review): nginx does not verify the upstream certificate by default;
# proxy_ssl_verify with proxy_ssl_trusted_certificate (and proxy_ssl_server_name)
# is needed for the mirror to authenticate the origin.
proxy_pass https://my.mysite.com;
# Rewrite Location headers that point at the origin so clients stay on the mirror.
proxy_redirect https://my.mysite.com https://my.mymirror.com;
proxy_redirect http://www.mysite.com http://mymirror.com;
proxy_redirect https://www.mysite.com https://mymirror.com;
}
}
# NOTE(review): the brace below has no matching opener in this config; it looks
# like the closing brace missing from the main site's first HTTPS server block.
}
mymirror.com проксится великолепно, но при переходе на my.mymirror.com возникает
ошибка подключения SSL.
Posted at Nginx Forum: http://forum.nginx.org/read.php?21,245115,245200#msg-245200