Apache端,注意Apache需要启用Mod_RPAF,不然Apache的获取不了客户端的真实IP。
<VirtualHost 127.0.0.1:88> ServerAdmin ADMIN_EMAIL DocumentRoot "/home/www/wwwroot/default" ServerName HOSTNAME ErrorLog "/home/www/wwwlogs/error.log" CustomLog "/home/www/wwwlogs/access.log" combined <Directory "/home/www/wwwroot/default"> Options FollowSymLinks AllowOverride All Require all granted DirectoryIndex index.html index.php </Directory> </VirtualHost> |
Nginx端,这个例子里面启用了Spdy协议。
server { listen 80; listen 443 ssl spdy; server_name HOSTNAME; index index.html index.htm index.php; root /usr/home/www/wwwroot/default; ssl_certificate SSL.crt; ssl_certificate_key SSL.key; ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2; ssl_session_cache shared:SSL:10m; ssl_session_timeout 10m; ssl_ciphers ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!AESGCM; ssl_prefer_server_ciphers on; add_header Alternate-Protocol 443:npn-spdy/3; add_header Strict-Transport-Security "max-age=31536000;"; spdy_headers_comp 0; ssl_buffer_size 4k; location / { try_files $uri @apache; } location @apache { internal; proxy_pass http://127.0.0.1:88; include proxy.conf; } location ~ [^/]\.php(/|$){ proxy_pass http://127.0.0.1:88; include proxy.conf; } location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)${ #这节字段可能导致某些程序出现图片404错误。 expires 30d; } location ~ .*\.(js|css)?${ expires 12h; } access_log off; } |
上个Nginx配置文件中引用到的Proxy.conf文件:
proxy_connect_timeout 30s; proxy_send_timeout 90; proxy_read_timeout 90; proxy_buffer_size 32k; proxy_buffers 4 32k; proxy_busy_buffers_size 64k; proxy_redirect off; proxy_hide_header Vary; proxy_next_upstream error timeout invalid_header http_500 http_502 http_503; proxy_set_header Accept-Encoding ''; proxy_set_header Host $host; proxy_set_header Referer $http_referer; proxy_set_header Cookie $http_cookie; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-By $server_addr:$server_port; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; #这个很重要,缺失或导致https重定向Loop. |