您好,新朋友。点击以下按钮加入我们!
一直喜欢安装军哥的lnmp 最近想试下反代我的一个比较慢的杜甫的站
源站是一个https的discuz,ssl证书是let的免费的 想用速度快的vps反代下
请问如何编辑规则?
访问 a.com就是去源站 访问www.a.com就是去反带后的站点
麻烦各位大佬了!
这个小子有点low。。。
不懂你的意思,如果你要 a.com 去源站直接把 a.com 解析去你的杜甫就行了
下面是一个反代的配置文件的例子
server { listen 0.0.0.0:80; server_name yourwebsite.example.org; location / { proxy_pass https://your.server.ip.address; } }
实例 cn.91yun.org反代www.91yun.org server { listen 80; listen 443 ssl; ssl on; #反代镜像站的ssl证书 ssl_certificate /usr/local/nginx/ssl/star.91yun.org.crt; ssl_certificate_key /usr/local/nginx/ssl/star.91yun.org.key; ssl_session_cache shared:SSL:10m; ssl_session_timeout 10m; #反代镜像站 cn.91yun.org server_name cn.91yun.org; add_header Strict-Transport-Security "max-age=31536000";
#http强制跳转https if ( $scheme = http ){ return 301 https://$server_name$request_uri; } #cn.91yun.org屏蔽搜索引擎,SEO if ($http_user_agent ~* (baiduspider|360spider|haosouspider|googlebot|soso|bing|sogou|yahoo|sohu-search|yodao|YoudaoBot|robozilla|msnbot|MJ12bot|NHN|Twiceler)) { return 403; } #反代配置 location / { sub_filter www.91yun.org cn.91yun.org; sub_filter_once off; #向后端传递真实ip proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Referer https://www.91yun.org; proxy_set_header Host www.91yun.org; proxy_pass https://www.91yun.org; proxy_set_header Accept-Encoding ""; }
}
大佬你看下 我用www.a.com反代a.com 用的let的ssl证书
你看下这个规则对不对`server { listen 80; listen 443 ssl; ssl on;
ssl_certificate /etc/letsencrypt/live/www.a.com/fullchain.pem; #此文件为源站的文件 ssl_certificate_key /etc/letsencrypt/live/www.a.com/privkey.pem; #此文件为源站的文件 ssl_session_timeout 5m; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; ssl_ciphers "xxxx+xxxx+xxxx+xxxx"; #此数值为源站的数值 ssl_session_cache builtin:1000 shared:SSL:10m;
ssl_dhparam /usr/local/nginx/ssl/dhparam.pem;
server_name www.a.com; add_header Strict-Transport-Security "max-age=31536000";
#http强制跳转https if ( $scheme = http ){ return 301 https://$server_name$request_uri; } #反代配置 location / { sub_filter a.com www.a.com; sub_filter_once off; #向后端传递真实ip proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Referer https://a.com; proxy_set_header Host a.com; proxy_pass https://a.com; proxy_set_header Accept-Encoding ""; }`
let 签的证书包括@和www的话,就可以共用一套,否则证书那里要用www.a.com的证书, 大概看了下,应该没啥问题,nginx -t测试,nginx需要编译的模块--with-http_stub_status_module --with-http_ssl_module --with-http_v2_module --with-http_gzip_static_module --with-http_realip_module --with-ipv6 --with-http_sub_module
评论
不懂你的意思,如果你要 a.com 去源站直接把 a.com 解析去你的杜甫就行了
下面是一个反代的配置文件的例子
server { listen 0.0.0.0:80; server_name yourwebsite.example.org; location / { proxy_pass https://your.server.ip.address; } }实例 cn.91yun.org反代www.91yun.org
server
{
listen 80;
listen 443 ssl;
ssl on;
#反代镜像站的ssl证书
ssl_certificate /usr/local/nginx/ssl/star.91yun.org.crt;
ssl_certificate_key /usr/local/nginx/ssl/star.91yun.org.key;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
#反代镜像站 cn.91yun.org
server_name cn.91yun.org;
add_header Strict-Transport-Security "max-age=31536000";
#http强制跳转https if ( $scheme = http ){ return 301 https://$server_name$request_uri; } #cn.91yun.org屏蔽搜索引擎,SEO if ($http_user_agent ~* (baiduspider|360spider|haosouspider|googlebot|soso|bing|sogou|yahoo|sohu-search|yodao|YoudaoBot|robozilla|msnbot|MJ12bot|NHN|Twiceler)) { return 403; } #反代配置 location / { sub_filter www.91yun.org cn.91yun.org; sub_filter_once off; #向后端传递真实ip proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Referer https://www.91yun.org; proxy_set_header Host www.91yun.org; proxy_pass https://www.91yun.org; proxy_set_header Accept-Encoding ""; }}
大佬你看下
我用www.a.com反代a.com 用的let的ssl证书
你看下这个规则对不对`server
{
listen 80;
listen 443 ssl;
ssl on;
反代镜像站的ssl证书
ssl_certificate /etc/letsencrypt/live/www.a.com/fullchain.pem; #此文件为源站的文件
ssl_certificate_key /etc/letsencrypt/live/www.a.com/privkey.pem; #此文件为源站的文件
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers "xxxx+xxxx+xxxx+xxxx"; #此数值为源站的数值
ssl_session_cache builtin:1000 shared:SSL:10m;
openssl dhparam -out /usr/local/nginx/ssl/dhparam.pem 2048
ssl_dhparam /usr/local/nginx/ssl/dhparam.pem;
反代镜像站 www.a.com
server_name www.a.com;
add_header Strict-Transport-Security "max-age=31536000";
#http强制跳转https if ( $scheme = http ){ return 301 https://$server_name$request_uri; } #反代配置 location / { sub_filter a.com www.a.com; sub_filter_once off; #向后端传递真实ip proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Referer https://a.com; proxy_set_header Host a.com; proxy_pass https://a.com; proxy_set_header Accept-Encoding ""; }`这个小子有点low。。。
let 签的证书包括@和www的话,就可以共用一套,否则证书那里要用www.a.com的证书,
大概看了下,应该没啥问题,nginx -t测试,nginx需要编译的模块--with-http_stub_status_module --with-http_ssl_module --with-http_v2_module --with-http_gzip_static_module --with-http_realip_module --with-ipv6 --with-http_sub_module