以前方一臺服務器開放80和443端口,代理跳轉到後方服務器,通過內網IP連接,無需暴露後方服務器IP及開放對外端口。
我用這個是在服務器上建了一個gitblit版本庫和一個文件共享的服務,但是gitblit通過域名訪問無法正確生成倉庫地址,用IP+端口就可以,猜測是gitblit配置裏需要指明證書或者域名配置,但是在網上沒有找到gitblit的配置文件詳解,全部都是安裝的文檔,win的文檔還是太少了,gitlab上面應該也是有對應配置的吧
一共4個server塊,兩兩對應(從下往上配置):最下面的兩個監聽80端口,訪問那兩個域名時會自動跳轉到對應的https地址
rewrite ^(.*)$ https://$server_name$1 permanent \\把所有請求永久重定向(301)到https://加上該server塊內的server_name和原請求路徑;
charset utf-8 \\指定nginx字符集;
server_tokens off \\關閉響應中顯示的nginx版本號;另外,nginx1.15版本以後不用再加ssl on了,在listen後面寫ssl即可;
listen 443 ssl \\默認監聽ssl443端口;
ssl_certificate \\證書路徑,如果證書沒有放在nginx的conf目錄下則需要寫絕對路徑
ssl_certificate_key \\私鑰路徑
# Backend pool for the file-sharing service; referenced by "proxy_pass http://chfs".
# NOTE(review): 172.45.1.30 lies outside the RFC 1918 block 172.16.0.0/12, so it is
# not a private address by allocation. Confirm the backend port is reachable only
# from this proxy (host firewall or bind address on the backend).
upstream chfs {
    server 172.45.1.30:2345;
}
# Backend pool for the Git web service; referenced by "proxy_pass http://git".
# NOTE(review): 172.45.1.30 lies outside the RFC 1918 block 172.16.0.0/12, so it is
# not a private address by allocation. Confirm the backend port is reachable only
# from this proxy (host firewall or bind address on the backend).
upstream git {
    server 172.45.1.30:22222;
}
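# HTTPS front end for git.ziko.info: TLS is terminated here and requests are
# forwarded to the "git" upstream.
server {
    listen 443 ssl;
    server_name git.ziko.info;
    charset utf-8;
    # Hide the nginx version in the Server header and on error pages.
    server_tokens off;

    # Relative paths are resolved against the nginx conf directory. The key file
    # should be readable only by the account that starts nginx.
    ssl_certificate qy.crt;
    ssl_certificate_key qy.key;

    # Was "SSLv2 SSLv3 TLSv1": SSLv2 and SSLv3 are broken (DROWN, POODLE) and
    # TLS 1.0 is deprecated, so only TLS 1.2 and 1.3 are offered.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;

    location / {
        # By default the backend receives Host "git" (the upstream name) and has
        # no way to know the client used https, which is a likely cause of wrongly
        # generated repository URLs. Whether the backend honours these headers
        # depends on its own configuration.
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        # The hop to the backend is plain HTTP; it is protected only by the
        # network path between the two machines.
        proxy_pass http://git;
    }
}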
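# HTTPS front end for chfs.ziko.info: TLS is terminated here and requests are
# forwarded to the "chfs" upstream.
server {
    listen 443 ssl;
    server_name chfs.ziko.info;
    charset utf-8;
    # Hide the nginx version in the Server header and on error pages.
    server_tokens off;

    # Relative paths are resolved against the nginx conf directory. The key file
    # should be readable only by the account that starts nginx.
    ssl_certificate qy.crt;
    ssl_certificate_key qy.key;

    # Was "SSLv2 SSLv3 TLSv1": SSLv2 and SSLv3 are broken (DROWN, POODLE) and
    # TLS 1.0 is deprecated, so only TLS 1.2 and 1.3 are offered.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;

    location / {
        # Pass the original host name, client address and scheme to the backend;
        # by default it would receive Host "chfs" (the upstream name).
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        # The hop to the backend is plain HTTP; it is protected only by the
        # network path between the two machines.
        proxy_pass http://chfs;
    }
}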
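# Plain-HTTP listener for git.ziko.info: its only job is to send clients to HTTPS.
server {
    listen 80;
    server_name git.ziko.info;
    # "return" replaces the catch-all regex rewrite: no capture group is needed and
    # $request_uri carries the path and query string exactly as the client sent them.
    return 301 https://$server_name$request_uri;
}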
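# Plain-HTTP listener for chfs.ziko.info: its only job is to send clients to HTTPS.
server {
    listen 80;
    server_name chfs.ziko.info;
    # "return" replaces the catch-all regex rewrite: no capture group is needed and
    # $request_uri carries the path and query string exactly as the client sent them.
    return 301 https://$server_name$request_uri;

    # Everything below is left over from the stock nginx.conf. Because the redirect
    # above is unconditional, the error_page mapping and the /50x.html location are
    # never reached for requests to this server.

    #error_page 404 /404.html;

    # redirect server error pages to the static page /50x.html
    #
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root html;
    }

    # proxy the PHP scripts to Apache listening on 127.0.0.1:80
    #
    #location ~ \.php$ {
    #    proxy_pass http://127.0.0.1;
    #}

    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
    #
    #location ~ \.php$ {
    #    root html;
    #    fastcgi_pass 127.0.0.1:9000;
    #    fastcgi_index index.php;
    #    fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
    #    include fastcgi_params;
    #}

    # deny access to .htaccess files, if Apache's document root
    # concurs with nginx's one
    #
    #location ~ /\.ht {
    #    deny all;
    #}
}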