2023年8月9日 星期三

NGINX Reverse Proxy with SSL

憑證掛在 Reverse Proxy, 內部走 HTTP

/etc/nginx/conf.d/test1.conf

server {
listen 443 ssl;
server_name test1.pank.org;
ssl_certificate /etc/nginx/conf.d/pank.org-crt-chain.pem;
ssl_certificate_key /etc/nginx/conf.d/pank.org-key.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
location / {
add_header X-Proxy-Cache $upstream_cache_status;
proxy_pass http://192.168.0.27;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}

若後端有多台,建立多個 conf 即可
有設定 proxy_set_header X-Forwarded-For 會帶 X-Forwarded-For 到 backend server

沒有留言:

RouterOS Cloud DDNS Server

RouterOS Cloud DDNS Server 是 cloud.mikrotik.com or cloud2.mikrotik.com 若機器上設了很多路由,IP / Cloud 的 DDNS IP 可能不是想要的 可以設這段 static route 159.148.12...