我目前正在使用以下(简化)配置来代理同一端口上的http和https连接(aws elastic beanstalk所需):
server {
listen 777 ssl;
server_name foo.com;
ssl_certificate /etc/Nginx/ssl/foo.crt;
ssl_certificate_key /etc/Nginx/ssl/foo;
root /usr/share/Nginx/www;
index index.html index.htm;
error_page 418 = @upstream;
error_page 497 = @upstream;
location / {
return 418;
}
location @upstream {
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:8080;
}
}
我想将上游更改为uwsgi并让uwsgi处理ssl,因为它可以简化部署.
如何在没有Nginx解密ssl流量的情况下调整我的配置以适用于SNI HTTPS和HTTP?
最佳答案