  curl                     nginx(proxy_connect)              nginx(NAS)
    |                             |                          |
    |                             |                          |
(1) |-- CONNECT 443 ->            |                          |
    |                             |                          |
    |                             |---- [ TCP connection ]--->|
    |                             |                          |
    |                             |                          |
(2) |<- HTTP/1.1 200 --------|    |                          |
    |                             |                          |
    |   建立连接成功               |                          |
    |                                                        |
    ========= 内网隧道通讯(依赖组件,我这里使用n2n) =======
    |                                                        |
    |                             |                          |
    |                                                        |
    |   [ SSL stream ]            |                          |
(3) |---[ GET / HTTP/1.1] -->|    [ SSL stream ]             |
    |   [ Host: xxxx.com]         |--- [ GET / HTTP/1.1 ] -->.
    |                             |    [ Host: xxxx.com ]    |
    |                             |                          |
    |                             |                          |
    |                             |                          |
    |                             |                          |
    |                             |    [ SSL stream ]        |
    |   [ SSL stream ]            | <--[ HTTP/1.1 200 OK ]---'
    |<--[ HTTP/1.1 200 OK ]--|    [ < html page > ]          |
    |   [ < html page > ]         |                          |
    |                             |                          |
    |                             |                          |
nginx转发配置参考。注意:该nginx服务器需要配置hosts,把 www.xxx.com 指向内网隧道中NAS的地址;否则下面的 proxy_pass 会把该域名解析回本机,形成转发回环。
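# Forwarding config for the public-facing nginx that relays requests to the
# backend named in proxy_pass below.
# NOTE(review): www.xxx.com is both this server's server_name and the
# proxy_pass target, so on this host the name presumably has to resolve
# (e.g. via /etc/hosts) to the backend's internal address; otherwise the
# request would be proxied back to this server. Confirm against the deployment.

# Plain HTTP: redirect everything to the canonical HTTPS host.
server {
    listen 80;
    server_name xxx.com www.xxx.com;
    return 301 https://www.xxx.com$request_uri;
}

# HTTPS on the bare domain: redirect to the www host.
server {
    listen 443 ssl;
    server_name xxx.com;
    return 301 https://www.xxx.com$request_uri;

    # "ssl on;" removed: it is redundant with "listen 443 ssl", deprecated,
    # and rejected as an unknown directive by recent nginx releases.
    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout 5m;
    # Consider pinning protocols explicitly if the build supports it, since
    # older defaults still allow TLSv1/TLSv1.1:
    # ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;
    ssl_certificate /usr/local/nginx/conf/keys/xxx.com.pem;
    # Key path aligned with the www server block below (the original pointed at
    # conf/xxx.com.key here but conf/keys/xxx.com.key there). The key file
    # should be readable only by the nginx master user.
    ssl_certificate_key /usr/local/nginx/conf/keys/xxx.com.key;
}

# HTTPS on the canonical host: terminate TLS here and re-encrypt to the backend.
server {
    listen 443 ssl;
    server_name www.xxx.com;
    charset utf-8;

    error_log /var/log/nginx/xxx.com.error_log info;
    # json_log is a log_format that must be defined elsewhere (http context).
    access_log /var/log/nginx/xxx.com.access_log json_log;

    # "allow all" is the default; kept as an explicit statement that no
    # source-address restriction is applied at this layer.
    allow all;
    autoindex off;

    # concat directives are not part of stock nginx; they need the concat
    # module (e.g. a Tengine build) to be present.
    concat on;
    concat_max_files 40;

    # "ssl on;" removed for the same reason as in the redirect block above.
    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout 5m;
    # ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;
    ssl_certificate /usr/local/nginx/conf/keys/xxx.com.pem;
    ssl_certificate_key /usr/local/nginx/conf/keys/xxx.com.key;

    location / {
        proxy_pass https://www.xxx.com:443;

        # Send the client's Host header; the default would be the proxy_pass
        # host including the ":443" port suffix.
        proxy_set_header Host $host;
        # Pass the original client address and scheme so the backend's logs
        # and access rules do not see every request as coming from this proxy.
        # The backend should honour these headers only from this proxy.
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # Send SNI to the backend so it can select the matching certificate
        # (off by default).
        proxy_ssl_server_name on;

        # nginx does not verify the upstream certificate by default, so the
        # hop to the backend is encrypted but not authenticated. To verify it,
        # enable the two lines below with a real CA bundle path:
        # proxy_ssl_verify on;
        # proxy_ssl_trusted_certificate <PATH_TO_CA_BUNDLE>;
    }
}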