apache_nginx_ssl站点配置

Apache端。注意:Apache需要启用mod_rpaf,否则Apache获取不到客户端的真实IP;同时应只信任来自前端Nginx(127.0.0.1)的转发头。

# Backend virtual host. It binds to the loopback address only, so it is not
# reachable from other hosts; requests arrive through the front-end proxy
# that forwards to 127.0.0.1:88.
<VirtualHost 127.0.0.1:88>
    ServerAdmin ADMIN_EMAIL
    DocumentRoot "/home/www/wwwroot/default"
    ServerName HOSTNAME
    ErrorLog "/home/www/wwwlogs/error.log"
    # Every connection to this vhost comes from the local proxy, so the logged
    # client address is only meaningful when a module such as mod_rpaf restores
    # it from the forwarded headers. That module should accept those headers
    # from 127.0.0.1 only.
    CustomLog "/home/www/wwwlogs/access.log" combined
 
    <Directory "/home/www/wwwroot/default">
        Options FollowSymLinks
        # .htaccess files may override any directive. Rules placed there apply
        # only to requests that reach Apache; files the front-end proxy serves
        # directly from disk never pass through them.
        AllowOverride All
        Require all granted
        DirectoryIndex index.html index.php
    </Directory>
</VirtualHost>

Nginx端,这个例子里面启用了Spdy协议。

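# Front-end server: terminates TLS (with SPDY), serves files that exist on disk
# itself and proxies PHP and everything else to Apache on 127.0.0.1:88.
server
{
	# Port 80 serves the same site over plain HTTP; this block has no redirect to HTTPS.
	listen 80;
	# The "spdy" parameter needs ngx_http_spdy_module. From nginx 1.9.5 on that
	# module was replaced by the HTTP/2 module and this parameter is no longer accepted.
	listen 443 ssl spdy;
	server_name HOSTNAME;
	index index.html index.htm index.php;
	# NOTE(review): Apache's DocumentRoot is /home/www/wwwroot/default; presumably
	# the same directory reached through a symlink - confirm.
	root  /usr/home/www/wwwroot/default;

	ssl_certificate SSL.crt;
	ssl_certificate_key SSL.key;
	# SSLv3 is removed: it is vulnerable to POODLE and prohibited by RFC 7568.
	# TLSv1 and TLSv1.1 are kept for old clients but are deprecated as well;
	# drop them once the client population allows it.
	ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
	ssl_session_cache      shared:SSL:10m;
	ssl_session_timeout  10m;
	# RC4 is excluded (prohibited by RFC 7465) and the former "!AESGCM" exclusion
	# is dropped so that AEAD suites can be negotiated. The two explicitly listed
	# suites are still preferred first, as before.
	ssl_ciphers ECDHE-RSA-AES256-SHA384:AES256-SHA256:HIGH:!RC4:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH;
	ssl_prefer_server_ciphers   on;
	add_header Alternate-Protocol  443:npn-spdy/3;
	# Browsers honour HSTS only on HTTPS responses. Once seen, they refuse plain
	# HTTP for this host for a year, so HTTPS must keep working for that long.
	add_header Strict-Transport-Security "max-age=31536000;";
	# Header compression is switched off for SPDY.
	spdy_headers_comp 0;
	ssl_buffer_size 4k;

	# Files served straight from disk bypass Apache and therefore any .htaccess
	# restrictions, so Apache's own control files are denied here explicitly.
	location ~ /\.ht {
		deny all;
	}

	# Serve the file if it exists on disk, otherwise hand the request to Apache.
	location / {
		try_files $uri @apache;
	}

	location @apache {
		internal;
		proxy_pass http://127.0.0.1:88;
		include proxy.conf;
	}

	# PHP requests always go to Apache; nginx never serves .php source itself.
	location ~ [^/]\.php(/|$) {
		proxy_pass http://127.0.0.1:88;
		include proxy.conf;
	}

	# A space is required between "$" and "{": written as "${", nginx reads the
	# brace as the start of a variable name and the block never opens.
	location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$ {
		# This block may cause image 404 errors in some applications: it has no
		# fallback to Apache, so image URLs that do not exist as files on disk
		# are answered by nginx directly.
		expires      30d;
	}

	location ~ .*\.(js|css)?$ {
		expires      12h;
	}

	# No access log is written on the front end. Requests nginx answers from
	# disk are therefore recorded nowhere; only proxied requests appear in
	# Apache's log. Consider enabling it if request history matters for
	# incident investigation.
	access_log  off;
}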

上面Nginx配置文件中引用的proxy.conf文件:

# Shared proxy settings, included by every location that forwards to the backend.

# Timeouts for connecting to, sending to and reading from the backend.
proxy_connect_timeout 30s;
proxy_send_timeout   90;
proxy_read_timeout   90;
# Buffers used for the backend response.
proxy_buffer_size    32k;
proxy_buffers     4 32k;
proxy_busy_buffers_size 64k;
# Location/Refresh headers from the backend are passed through unmodified.
proxy_redirect     off;
# Strip the backend's Vary header from responses.
proxy_hide_header  Vary;
# Conditions under which a request is retried on another upstream server.
# NOTE(review): the proxy_pass targets shown with this file name a single
# address, so there appears to be no second server to retry on - confirm.
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;
# An empty value removes the header, so the backend replies uncompressed.
proxy_set_header   Accept-Encoding '';
proxy_set_header   Host   $host;
# Referer and Cookie are forwarded explicitly with the client's values.
proxy_set_header   Referer $http_referer;
proxy_set_header   Cookie $http_cookie;
# Address of the peer connected to nginx; replaces any X-Real-IP the client sent.
proxy_set_header   X-Real-IP  $remote_addr;
proxy_set_header   X-Forwarded-By    $server_addr:$server_port;
# Appends $remote_addr to whatever X-Forwarded-For the client supplied. The
# earlier entries are client-controlled, so the backend should rely on the last
# entry (or on X-Real-IP) when it needs the real client address.
proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header   X-Forwarded-Proto $scheme; #Important: if this is missing, the backend may end up in an HTTPS redirect loop.
