nginx使用https并做反向代理

1、HTTPS证书可使用阿里云CAS免费证书；申请流程请自行摸索；这里假设你已经申请通过并下载好相关文件了
2、将下载的文件放入nginx安装目录中
3、nginx配置文件代码如下：

server {
listen 443 ssl http2 default_server;
server_name proxy.nasus.top;
access_log /data/wwwlogs/proxy.nasus.top_nginx.log combined;

ssl_certificate cert/213989507530612.pem;#下载的证书文件
ssl_certificate_key cert/213989507530612.key;#下载的证书文件
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;

location / {
proxy_pass http://127.0.0.1:8282;#反向代理地址
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection “upgrade”;
rewrite /(.) /$1 break;
proxy_redirect off;
}
}
server {
listen 80;
server_name proxy.nasus.top;
rewrite ^(.) https://$server_name$1 permanent;
}

4、负载均衡即是反向代理的一种应用
在配置文件的最前面加上如下代码：

upstream monitor_server {
server 192.168.0.131:80;
server 192.168.0.132:80;
}

修改server中的反向代理地址为：

proxy_pass http://monitor\_server;#反向代理地址