API tools faq
paste
Infra_HDC

nginx ssl passthrough multiple upstreams

Infra_HDC
Oct 16th, 2018
192
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Bash 2.29 KB | None | 0 0
raw download clone embed print report
  1.         upstream proxy-www.example.com {
  2.              server 192.168.aa.bb;
  3.         }
  4.  
  5. #        upstream proxy-mail.example.com {
  6. #              server 192.168.aa.cc;
  7. #        }
  8.  
  9.         upstream proxy-mirror.example.com {
  10.              server 192.168.aa.dd;
  11.         }
  12.  
  13. #       ##
  14. #       # Logging Settings
  15. #       ##
  16.  
  17. #       access_log /var/log/nginx/access.log;
  18. #       error_log /var/log/nginx/error.log debug;
  19.  
  20.  
  21. server {
  22.         # сначала по книжке, ISBN 978-5-94074-961-5, стр. 99
  23. #       listen 443 default ssl;
  24.         listen 443 ssl;
  25.  
  26.         # два хостнейма, см. https://habr.com/post/142363/
  27. #        server_name host04.example.com host05.example.com;
  28. #        server_name host06.example.com;
  29.  
  30.         ssl on;
  31.         #ssl_prefer_server_ciphers on;
  32.         #ssl protocols TLSv1 SSLv3;
  33.         #ssl_ciphers RC4:HIGH:!aNUL:!MD5:@STRENGTH;
  34.         #ssl_session_cache shared:WEB 10m;
  35.         ssl_certificate /path/to/crt.crt;
  36.         ssl_certificate_key /path/to/key.txt;
  37.  
  38.  
  39.         location / {
  40.                 # http://nginx.org/ru/docs/http/ngx_http_core_module.html#resolver
  41.                 # http://nginx.org/ru/docs/http/ngx_http_proxy_module.html#proxy_pass
  42.                 # выкинули из DNS-серверов, будем настраивать с помощью групп upstream -- так проще
  43.                 # resolver 8.8.8.8;
  44.                 # dig -t SOA example.com
  45.                 # resolver ns3-l2.nic.ru;
  46.                 # https://sysadmin.ru/articles/oshibka-nginx-upstream-sent-too-big-header-while-reading-response-header-from-upstream
  47.                 # fastcgi_buffers 16 16k;
  48.                 # fastcgi_buffer_size 32k;
  49.                 # https://stackoverflow.com/questions/13894386/upstream-too-big-nginx-codeigniter
  50.                 proxy_buffer_size   128k;
  51.                 proxy_buffers   4 256k;
  52.                 proxy_busy_buffers_size   256k;
  53.                 # https://serveradmin.ru/nginx-proxy_pass/
  54.                 proxy_pass http://proxy-$host;
  55.                 proxy_set_header X-FORWARDED-PROTO https;
  56.                 proxy_set_header Host $host;
  57.                 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  58.                 proxy_set_header X-Real-IP $remote_addr;
  59.         }
  60. }
  61. }
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!