How to implement ssl reverse proxy in nginx

Steps:

1. Generate an authoritative SSL certificate pair (if you issue it yourself, then https is not recognized by the browser, that is, there will be a big red cross on https)

Recommend a free website:

2. Deploy nginx based on ssl.key and ssl.crt

First nginx needs to support ssl_module, and then modify nginx.conf as follows

server {
  listen  443;
  server_name localhost;

  ssl     on;
  ssl_certificate  /opt/tengine/conf/ssl/free4lab.crt;
  ssl_certificate_key /opt/tengine/conf/ssl/free4lab_nopass.key;

  ssl_session_timeout 5m;
 }

Place the crt file and key file in the corresponding locations. Notice that the key here is nopassword, which means you do not need to enter a password when restarting nginx.

free4lab_nopass.key is generated based on free4lab.key. The generation command is as follows:

openssl rsa -in free4lab.key -out free4lab_nopass.key

Then enter the password

3. Modify the corresponding service configuration file and listen to port 443

upstream account.free4lab.com {
 session_sticky cookie=uid fallback=on path=/ mode=insert option=indirect;
 server 192.168.1.62:8084 weight=10;
 server 192.168.1.63:8082 weight=10;
}
server {
 listen 80;
 listen 443;
 server_name account.free4lab.com;
 location / {
  session_sticky_hide_cookie upstream=account.free4lab.com;
  proxy_pass http://account.free4lab.com;
 }
}

Visit https://account.free4lab.com like this, the mark above https will be green! enjoy

The above is the detailed content of How to implement ssl reverse proxy in nginx. For more information, please follow other related articles on the PHP Chinese website!