Re: Проксирование https-сайта

gadstwo@gmail.com nginx-forum at nginx.us
Wed Dec 4 13:06:06 UTC 2013


Основной сайт:
DNS:
mysite.com xxx.xxx.xxx.56
my.mysite.com xxx.xxx.xxx.59

Apache:

# Backend Apache instance. It listens on the loopback address only, so the
# vhosts below are reached through the nginx front end that proxies to
# 127.0.0.1:8080, not directly from the network.
ServerName localhost
Listen 127.0.0.1:8080
NameVirtualHost *:8080
# Name-based vhost for the main site (mysite.com / www.mysite.com).
<VirtualHost *:8080>
    ServerAdmin webmaster at mysite.com
    DocumentRoot /home/mysite/publics/public_front
    ServerName mysite.com
    ServerAlias www.mysite.com
    ErrorLog /var/log/httpd/mysite.com-error_log
    # NOTE(review): every connection comes from nginx on 127.0.0.1, so the
    # "common" format presumably logs the proxy address, not the client,
    # unless a module that consumes X-Real-IP / X-Forwarded-For is loaded.
    CustomLog /var/log/httpd/mysite.com-access_log common
    <Directory /home/mysite/publics/public_front>
        # "All -Indexes" disables directory listings but keeps the rest of
        # "All" (ExecCGI, Includes, FollowSymLinks, ...) enabled. Apache 2.4
        # rejects mixing signed and unsigned options at startup.
        Options All -Indexes
        # Any .htaccess file under this tree may override the configuration.
        AllowOverride All
        # Apache 2.2-style access control: no address restriction here.
        Order allow,deny
        Allow From All
    </Directory>
</VirtualHost>

#Личный кабинет

# Name-based vhost for my.mysite.com, served from its own document root on
# the same loopback listener as the main site.
<VirtualHost *:8080>
    ServerAdmin webmaster at mysite.com
    DocumentRoot /home/mysite/publics/public_my
    ServerName my.mysite.com
    ErrorLog /var/log/httpd/my.mysite.com-error_log
    # NOTE(review): requests arrive from nginx on 127.0.0.1, so this log
    # presumably records the proxy address unless the client IP headers set
    # by nginx are consumed by a module - confirm.
    CustomLog /var/log/httpd/my.mysite.com-access_log common
    <Directory /home/mysite/publics/public_my>
        # Directory listings off; every other option in "All" stays on.
        # Apache 2.4 rejects mixing signed and unsigned options at startup.
        Options All -Indexes
        # Any .htaccess file under this tree may override the configuration.
        AllowOverride All
        # Apache 2.2-style access control: no address restriction here.
        Order allow,deny
        Allow From All
    </Directory>
</VirtualHost>

Nginx:

# Plain-HTTP front end for mysite.com on xxx.xxx.xxx.56:80. Static files are
# served by nginx itself; everything else is proxied to Apache on loopback.
server {
    listen       xxx.xxx.xxx.56:80;
    server_name  www.mysite.com mysite.com *.mysite.com;
    access_log  /var/log/nginx/mysite.com.access.log main;
    # Contents of this include are not shown in the post.
    include "conf.d/redirect.default";
    # Regex locations are tried in order of appearance, so these two denies
    # are evaluated before the static-file regex below.
    location ~ /\.ht {
        deny  all;
    }
    location ~ /\.svn {
        deny  all;
    }
    # Matching files are read straight from the document root by nginx, so
    # access rules kept in Apache .htaccess files do not apply to them.
    location ~*
^.+\.(jpg|jpeg|gif|png|svg|js|css|mp3|ogg|mpe?g|avi|zip|gz|bz2?|rar|js|ico|gif|swf|flv|htm|htc|cur|pdf|ttf|woff|eot|swf)$
{
        expires max;
        root /home/mysite/publics/public_front;
    }
    location / {
        proxy_set_header Host $host;
        # $proxy_add_x_forwarded_for appends the peer address to whatever
        # X-Forwarded-For the client sent; only the last entry is set by nginx.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Real-IP $remote_addr;
        # NOTE(review): the :443 server adds an "HTTPS: on" request header;
        # this server does not clear a client-supplied one. If the backend
        # relies on that header, clear it here: proxy_set_header HTTPS "";
        proxy_pass   http://127.0.0.1:8080;
    }
}

# TLS front end for mysite.com on xxx.xxx.xxx.56:443. TLS ends at nginx; the
# request is forwarded to Apache over plain HTTP on loopback.
server {
    listen       xxx.xxx.xxx.56:443;
    server_name  www.mysite.com mysite.com id.mysite.com;
    # Legacy way to enable TLS; later nginx releases deprecate it in favour
    # of the "ssl" parameter of listen.
    ssl                  on;
    ssl_certificate     /etc/ssl/mysitewld.crt;
    ssl_certificate_key /etc/ssl/mysite.key;
    ssl_session_cache    shared:SSL:10m;ssl_session_timeout  10m;
    # NOTE(review): SSLv3 and TLSv1.0 are obsolete protocol versions. Where
    # the nginx/OpenSSL build supports it, offer TLSv1.2 and newer instead.
    ssl_protocols  SSLv3 TLSv1;
    # NOTE(review): the list includes RC4 and 3DES suites and no ephemeral
    # (ECDHE/DHE) key exchange, so it provides no forward secrecy.
    ssl_ciphers 
AES128-SHA:RC4-SHA:AES256-SHA:DES-CBC3-SHA:ECDH-RSA-RC4-SHA:ECDH-ECDSA-RC4-SHA:!MD5:!ADH:!DH:!PSK:!SSLv2;
    ssl_prefer_server_ciphers   on;
    access_log  /var/log/nginx/ssl.mysite.com.access.log main;
    # Contents of this include are not shown in the post.
    include "conf.d/redirect.ssl.default";
    # Regex locations are tried in order, so the denies precede the static
    # regex below.
    location ~ /\.ht {
        deny  all;
    }
    location ~ /\.svn {
        deny  all;
    }
    # Served directly by nginx from the document root; Apache .htaccess
    # rules do not apply to these files.
    location ~*
^.+\.(jpg|jpeg|gif|png|svg|js|css|mp3|ogg|mpe?g|avi|zip|gz|bz2?|rar|js|ico|gif|swf|flv|htm|htc|cur|pdf|ttf|woff|eot|swf)$
{
        expires max;
        root /home/mysite/publics/public_front;
    }
    location / {
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Real-IP $remote_addr;
        # Sends a request header literally named HTTPS with value "on"; how
        # the backend consumes it is not shown in the post.
        proxy_set_header HTTPS on;
        proxy_pass   http://127.0.0.1:8080;
    }
    # NOTE(review): the closing "}" of this server block is missing from the
    # post; the next line opens a new server block.

# Plain-HTTP listener for my.mysite.com on xxx.xxx.xxx.59:80.
server {
    listen       xxx.xxx.xxx.59:80;
    server_name  my.mysite.com;
    access_log  /var/log/nginx/my.mysite.com.access.log main;
    # Server-level rewrite matching every URI. Because the replacement starts
    # with "https://", nginx returns a redirect and the locations below are
    # never reached. With no flag it is a temporary (302) redirect; an
    # equivalent permanent form is:
    #   return 301 https://my.mysite.com$request_uri;
    rewrite ^(.*)$ https://my.mysite.com$1;
    location ~ /\.ht {
        deny  all;
    }
    location ~*
^.+\.(jpg|jpeg|gif|png|svg|js|css|mp3|ogg|mpe?g|avi|zip|gz|bz2?|rar|js|ico|gif|swf|flv|htm|htc|cur|pdf|ttf|woff|eot|swf)$
{
        expires max;
        root /home/mysite/publics/public_my;
    }
    location / {
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_pass   http://127.0.0.1:8080;
    }
}

# TLS front end for my.mysite.com on xxx.xxx.xxx.59:443. This is the origin
# that the my.mymirror.com mirror proxies to over HTTPS.
server {
    listen       xxx.xxx.xxx.59:443;
    server_name  my.mysite.com ;
    # Legacy way to enable TLS; later nginx releases deprecate it in favour
    # of the "ssl" parameter of listen.
    ssl                  on;
    ssl_certificate     /etc/ssl/mysitewld.crt;
    ssl_certificate_key /etc/ssl/mysite.key;
    ssl_session_cache    shared:SSL:10m;ssl_session_timeout  10m;
    # NOTE(review): SSLv3 and TLSv1.0 are obsolete protocol versions. Where
    # the nginx/OpenSSL build supports it, offer TLSv1.2 and newer instead.
    ssl_protocols  SSLv3 TLSv1;
    # NOTE(review): the list includes RC4 and 3DES suites and no ephemeral
    # (ECDHE/DHE) key exchange, so it provides no forward secrecy.
    ssl_ciphers 
AES128-SHA:RC4-SHA:AES256-SHA:DES-CBC3-SHA:ECDH-RSA-RC4-SHA:ECDH-ECDSA-RC4-SHA:!MD5:!ADH:!DH:!PSK:!SSLv2;
    ssl_prefer_server_ciphers   on;
    access_log  /var/log/nginx/ssl.my.mysite.com.access.log main;
    # NOTE(review): unlike the mysite.com servers, no "location ~ /\.svn"
    # deny is configured here - confirm that is intended.
    location ~ /\.ht {
        deny  all;
    }
    # Served directly by nginx from the document root; Apache .htaccess
    # rules do not apply to these files.
    location ~*
^.+\.(jpg|jpeg|gif|png|svg|js|css|mp3|ogg|mpe?g|avi|zip|gz|bz2?|rar|js|ico|gif|swf|flv|htm|htc|cur|pdf|ttf|woff|eot)$
{
        expires max;
        root /home/mysite/publics/public_my;
    }
    location / {
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Real-IP $remote_addr;
        # Sends a request header literally named HTTPS with value "on"; how
        # the backend consumes it is not shown in the post.
        proxy_set_header HTTPS on;
        proxy_pass   http://127.0.0.1:8080;
    }
}
	
	
	
	Зеркало: 
	DNS: 
	mymirror.com y.y.y.154
	my.mymirror.com y.y.y.155
	nginx:
	    # Mirror front end for mymirror.com over plain HTTP: serve a local file
	    # when one exists, otherwise fetch the page from www.mysite.com.
	    server {
        listen        yyy.yyy.yyy.154:80 ;
        server_name     .mymirror.com;
        access_log   /var/log/nginx/mymirror.com.access.log;
        error_log    /var/log/nginx/mymirror.com.error.log;
        location / {
            root /var/www/mymirror.com;
            # Fall through to the proxy when no local file matches the URI.
            try_files $uri @static;
        }
        location @static {
            # Contents of this include are not shown in the post.
            include 'mymirror.com.conf';
            # Rewrites the Domain attribute of Set-Cookie headers coming
            # back from the origin so browsers accept them for the mirror.
            proxy_cookie_domain mysite.com mymirror.com;
            # Clears Accept-Encoding - presumably so the origin answers
            # uncompressed and the included rules can rewrite response bodies.
            proxy_set_header Accept-Encoding "";
            proxy_set_header      Host     www.mysite.com;
            # NOTE(review): the hop to the origin is plain HTTP, so cookies
            # and page content cross the network between the two hosts
            # unencrypted. No X-Forwarded-For / X-Real-IP is set here, so the
            # origin presumably logs the mirror address, not the client.
            proxy_pass http://www.mysite.com;
            # Rewrite Location headers that point at the origin so redirects
            # keep the visitor on the mirror host name.
            proxy_redirect http://www.mysite.com http://mymirror.com;
            proxy_redirect https://www.mysite.com https://mymirror.com;
        }
    }
    # Mirror front end for my.mymirror.com over TLS, proxying to the
    # https://my.mysite.com origin.
    # NOTE(review): "listen ... ssl" is set but no ssl_certificate or
    # ssl_certificate_key appears in this server block, and the include below
    # sits inside a location, where those directives are not allowed. Unless
    # a certificate is inherited from the http level, the handshake cannot
    # complete, which matches the reported SSL connection error. Expected
    # here (placeholder paths):
    #   ssl_certificate     /path/to/PLACEHOLDER-my.mymirror.com.crt;
    #   ssl_certificate_key /path/to/PLACEHOLDER-my.mymirror.com.key;
    # The certificate must name both my.mymirror.com and www.my.mymirror.com;
    # a *.mymirror.com wildcard does not cover the two-label www.my name.
    server {
        listen         yyy.yyy.yyy.155:443 ssl;
        server_name     my.mymirror.com www.my.mymirror.com;
        access_log   /var/log/nginx/mymirror.com.access.log;
        error_log    /var/log/nginx/mymirror.com.error.log;
        location / {
            root /var/www/my.mymirror.com;
            # Fall through to the proxy when no local file matches the URI.
            try_files $uri @static;
        }
        location @static {
            # Contents of this include are not shown in the post.
            include 'my.mymirror.com.conf';
            proxy_cookie_domain my.mysite.com my.mymirror.com;
            # Clears Accept-Encoding - presumably so the origin answers
            # uncompressed and the included rules can rewrite response bodies.
            proxy_set_header Accept-Encoding "";
            proxy_set_header      Host     my.mysite.com;
            # NOTE(review): nginx does not verify the upstream certificate by
            # default. Where the nginx version provides them, proxy_ssl_verify
            # with proxy_ssl_trusted_certificate authenticates the origin.
            proxy_pass https://my.mysite.com;
            # Rewrite Location headers that point at the origin so redirects
            # keep the visitor on the mirror host names.
            proxy_redirect https://my.mysite.com https://my.mymirror.com;
            proxy_redirect http://www.mysite.com http://mymirror.com;
            proxy_redirect https://www.mysite.com https://mymirror.com;
       }
    }
# NOTE(review): this brace closes nothing visible in the post; it may belong
# to an enclosing block that was not pasted.
}

mymirror.com проксируется великолепно, но при переходе на my.mymirror.com
возникает ошибка подключения SSL.

Posted at Nginx Forum: http://forum.nginx.org/read.php?21,245115,245200#msg-245200


