nginx ssl http auth proxy pass howto
nginx编译支持SSL[*]./configure --with-http_ssl_module
生成ssl证书
[*]cd /usr/local/nginx/conf
[*]openssl genrsa -des3 -out server.key 1024
[*]openssl req -new -key server.key -out server.csr
[*]cp server.key server.key.org
[*]openssl rsa -in server.key.org -out server.key
[*]openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
nginx启用ssl
[*]ssl on;
[*]ssl_certificate /usr/local/nginx/conf/server.crt;
[*]ssl_certificate_key /usr/local/nginx/conf/server.key;
生成htpasswd文件
[*]htpasswd -c /usr/local/nginx/conf/passwd test
nginx启用httpauth
[*]auth_basic "111111";
[*]uth_basic_user_file/usr/local/nginx/conf/passwd;
nginx启用反向代理
[*]proxy_pass https://127.0.0.1:10000;
最后的nginx.conf如下
[*]usernobody;
[*]worker_processes1;
[*]events {
[*] worker_connections1024;
[*]}
[*]http {
[*] include mime.types;
[*] default_typeapplication/octet-stream;
[*] sendfile on;
[*] keepalive_timeout65;
[*] gzipon;
[*] server {
[*] listen 443;
[*] server_namelocalhost;
[*]ssl on;
[*] ssl_certificate server.crt;
[*] ssl_certificate_keyserver.key;
[*] ssl_session_timeout5m;
[*] ssl_protocolsTLSv1;
[*] ssl_ciphersHIGH:!aNULL:!MD5;
[*] ssl_prefer_server_ciphers on;
[*] location / {
[*] root html;
[*] indexindex.html index.htm;
[*] auth_basic "111111";
[*] auth_basic_user_file/usr/local/nginx/conf/passwd;
[*] proxy_pass https://127.0.0.1:10000;
[*] }
[*] error_page 500 502 503 504/50x.html;
[*] }
[*]}
页:
[1]