Question

我正在尝试弄清楚如何配置我的网站以通过清漆。我正在使用Ubuntu 18.04。我已经尝试了一些已经在网上找到的方法，但是只能使它适用于HTTP，不适用于HTTPS。这是我实际的nginx.conf。我的网站是在React中构建的，如您所见，我的Nginx中已经有一个proxy_pass。

        listen 80;
        listen [::]:80;
        return 301 https://$host$request_uri;
}

server {
        # SSL configuration
        listen 443 ssl http2;
        listen [::]:443 ssl http2;

        include snippets/ssl-params.conf;
        client_max_body_size 15M;
        ssl_certificate_key  /srv/www/dev.site.com/ssl/dev.key;
        ssl_certificate  /srv/www/dev.site.com/ssl/dev.chain.crt;

        access_log /srv/www/dev.site.com/logs/temp_access.log;
        error_log /srv/www/dev.site.com/logs/temp_error.log;

        error_page 502 /502.html;
        location = /502.html {
           root /usr/share/nginx/html/;
           allow all;
           internal;


        }


#        root /srv/www/dev.site.com/html;
#        index index.php index.html;

        server_name www.dev.site.com dev.site.com;

        location / {

          proxy_pass            http://127.0.0.1:3000/;
          proxy_http_version    1.1;
          proxy_set_header      Host             $host;
          proxy_set_header      X-Real-IP        $remote_addr;
          proxy_set_header      X-Forwarded-For  $proxy_add_x_forwarded_for;
          proxy_set_header      X-Client-Verify  SUCCESS;
          proxy_set_header      X-Client-DN      $ssl_client_s_dn;
          proxy_set_header      X-SSL-Subject    $ssl_client_s_dn;
          proxy_set_header      X-SSL-Issuer     $ssl_client_i_dn;
          proxy_read_timeout    1800;
          proxy_connect_timeout 1800;

        if ($request_uri ~* ".(ico|css|js|gif|jpe?g|png|json)$") {
                                        expires 30d;
                                        access_log off;
                                        add_header Pragma public;
                                        add_header Cache-Control "public";
                                        break;
}
        }

谢谢

Answer 1

HTTP / 1.1

对于常规的HTTP/1.1请求，此方法应该可以解决问题：

server {
        listen 443 ssl;

        server_name example.com;
        ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem;
        ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key;

        location / {
            proxy_pass http://127.0.0.1:80;
            proxy_set_header X-Real-IP  $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto https;
            proxy_set_header X-Forwarded-Port 443;
            proxy_set_header Host $host;
        }
}

请确保您包含正确的证书，并代理正确的主机名/端口。

HTTP / 2

对于HTTP/2请求，您可以使用以下Nginx配置：

server {
        listen 443 ssl http2;

        server_name example.com;
        ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem;
        ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key;

        location / {
            proxy_pass http://127.0.0.1:80;
            proxy_set_header X-Real-IP  $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto https;
            proxy_set_header X-Forwarded-Port 443;
            proxy_set_header Host $host;
        }
}

对于 Varnish ，您需要确保将-p feature=+http2运行时标志添加到varnishd进程中。因此varnishd的过程可能看起来像这样：

varnishd -a:80 -f /etc/varnish/default.vcl -s malloc,2g -p feature=+http2

为我的已在Nginx中具有proxy_pass的应用程序配置清漆

1 个答案:

HTTP / 1.1

HTTP / 2