通过ssl

2018-06-11 08:11:37

我试图在我的nginx服务器上设置SSL，它在纯网站上工作，这只是nginx的欢迎默认页面，但是当我尝试任何配置的proxy_pass位置时，我得到一个cloudflare 526无效的SSL证书错误，到502坏的网关。我正在使用的证书是自签名的，并且cloudflare SSL设置为已满（不严格）。

这是我在我的日志上得到的错误：

2017/11/28 22:59:10 [error] 11457#11457: *2 upstream prematurely closed connection while reading response header from upstream, client:  141.101.104.32, server: web1.olympiccode.net, request: "GET /r/ HTTP/1.1", upstream: "http://127.0.0.1:2000/r/", host: "web1.olympiccode.net", referrer: "https://web1.olympiccode.net/r"

这是我的配置：

user www-data;
worker_processes 1;
pid /run/nginx.pid;

events {
    worker_connections  1024;
}

http {
    include       mime.types;
    default_type  application/octet-stream;
    send_timeout 1800;
    sendfile        on;
    keepalive_timeout  6500;

    ssl_certificate      server.crt;
    ssl_certificate_key  server.key;
    ssl_session_timeout  5m;
    ssl_protocols        SSLv2 SSLv3 TLSv1;
    ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
    ssl_prefer_server_ciphers   on;


server {
    listen       80;
    server_name  web1.olympiccode.net;
    return 200 "hi";
}
# HTTPS server

server {
    listen       443 ssl;
    server_name  web1.olympiccode.net;
    root /usr/share/nginx/html;
    ssl on;
    location / {
     try_files $uri $uri/ =404;
    }
    location /r/ {
      auth_basic "RethinkDB - Web Panel";
      auth_basic_user_file /etc/nginx/.rethinkdb.pass;
      proxy_pass          http://localhost:2000;
      proxy_set_header    Host             $host;
      proxy_set_header    X-Real-IP        $remote_addr;
      proxy_set_header    X-Forwarded-For  $proxy_add_x_forwarded_for;
      proxy_set_header    X-Client-Verify  SUCCESS;
      proxy_set_header    X-Client-DN      $ssl_client_s_dn;
      proxy_set_header    X-SSL-Subject    $ssl_client_s_dn;
      proxy_set_header    X-SSL-Issuer     $ssl_client_i_dn;
      proxy_read_timeout 1800;
      proxy_connect_timeout 1800;
    }
    location /status/ {
      proxy_pass          http://localhost:19999;
      proxy_set_header    Host             $host;
      proxy_set_header    X-Real-IP        $remote_addr;
      proxy_set_header    X-Forwarded-For  $proxy_add_x_forwarded_for;
      proxy_set_header    X-Client-Verify  SUCCESS;
      proxy_set_header    X-Client-DN      $ssl_client_s_dn;
      proxy_set_header    X-SSL-Subject    $ssl_client_s_dn;
      proxy_set_header    X-SSL-Issuer     $ssl_client_i_dn;
      proxy_read_timeout 1800;
      proxy_connect_timeout 1800;
    }
}
}


#mail {
#       # See sample authentication script at:
#       # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
#
#       # auth_http localhost/auth.php;
#       # pop3_capabilities "TOP" "USER";
#       # imap_capabilities "IMAP4rev1" "UIDPLUS";
#
#       server {
#               listen     localhost:110;
#               protocol   pop3;
#               proxy      on;
#       }
#
#       server {
#               listen     localhost:143;
#               protocol   imap;
#               proxy      on;
#       }
#}

链接地址: http://www.djcxy.com/p/32551.html

上一篇: pass over ssl

下一篇: Nginx reverse proxy apache on centos 7, configuring both http and https