Welcome! Log In Create A New Profile

Advanced

Re: Проксирование https-сайта

December 04, 2013 08:06AM
Основной сайт:
DNS:
mysite.com xxx.xxx.xxx.56
my.mysite.com xxx.xxx.xxx.59

Apache:

ServerName localhost
Listen 127.0.0.1:8080
NameVirtualHost *:8080
<VirtualHost *:8080>
ServerAdmin webmaster@mysite.com
DocumentRoot /home/mysite/publics/public_front
ServerName mysite.com
ServerAlias www.mysite.com
ErrorLog /var/log/httpd/mysite.com-error_log
CustomLog /var/log/httpd/mysite.com-access_log common
<Directory /home/mysite/publics/public_front>
Options All -Indexes
AllowOverride All
Order allow,deny
Allow From All
</Directory>
</VirtualHost>

#Личный кабинет

<VirtualHost *:8080>
ServerAdmin webmaster@mysite.com
DocumentRoot /home/mysite/publics/public_my
ServerName my.mysite.com
ErrorLog /var/log/httpd/my.mysite.com-error_log
CustomLog /var/log/httpd/my.mysite.com-access_log common
<Directory /home/mysite/publics/public_my>
Options All -Indexes
AllowOverride All
Order allow,deny
Allow From All
</Directory>
</VirtualHost>

Nginx:

server {
listen xxx.xxx.xxx.56:80;
server_name www.mysite.com mysite.com *.mysite.com;
access_log /var/log/nginx/mysite.com.access.log main;
include "conf.d/redirect.default";
location ~ /\.ht {
deny all;
}
location ~ /\.svn {
deny all;
}
location ~* ^.+\.(jpg|jpeg|gif|png|svg|js|css|mp3|ogg|mpe?g|avi|zip|gz|bz2?|rar|js|ico|gif|swf|flv|htm|htc|cur|pdf|ttf|woff|eot|swf)$ {
expires max;
root /home/mysite/publics/public_front;
}
location / {
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr;
proxy_pass http://127.0.0.1:8080;
}
}

server {
listen xxx.xxx.xxx.56:443;
server_name www.mysite.com mysite.com id.mysite.com;
ssl on;
ssl_certificate /etc/ssl/mysitewld.crt;
ssl_certificate_key /etc/ssl/mysite.key;
ssl_session_cache shared:SSL:10m;ssl_session_timeout 10m;
ssl_protocols SSLv3 TLSv1;
ssl_ciphers AES128-SHA:RC4-SHA:AES256-SHA:DES-CBC3-SHA:ECDH-RSA-RC4-SHA:ECDH-ECDSA-RC4-SHA:!MD5:!ADH:!DH:!PSK:!SSLv2;
ssl_prefer_server_ciphers on;
access_log /var/log/nginx/ssl.mysite.com.access.log main;
include "conf.d/redirect.ssl.default";
location ~ /\.ht {
deny all;
}
location ~ /\.svn {
deny all;
}
location ~* ^.+\.(jpg|jpeg|gif|png|svg|js|css|mp3|ogg|mpe?g|avi|zip|gz|bz2?|rar|js|ico|gif|swf|flv|htm|htc|cur|pdf|ttf|woff|eot|swf)$ {
expires max;
root /home/mysite/publics/public_front;
}
location / {
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header HTTPS on;
proxy_pass http://127.0.0.1:8080;
}

server {
listen xxx.xxx.xxx.59:80;
server_name my.mysite.com;
access_log /var/log/nginx/my.mysite.com.access.log main;
rewrite ^(.*)$ https://my.mysite.com$1;
location ~ /\.ht {
deny all;
}
location ~* ^.+\.(jpg|jpeg|gif|png|svg|js|css|mp3|ogg|mpe?g|avi|zip|gz|bz2?|rar|js|ico|gif|swf|flv|htm|htc|cur|pdf|ttf|woff|eot|swf)$ {
expires max;
root /home/mysite/publics/public_my;
}
location / {
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr;
proxy_pass http://127.0.0.1:8080;
}
}

server {
listen xxx.xxx.xxx.59:443;
server_name my.mysite.com ;
ssl on;
ssl_certificate /etc/ssl/mysitewld.crt;
ssl_certificate_key /etc/ssl/mysite.key;
ssl_session_cache shared:SSL:10m;ssl_session_timeout 10m;
ssl_protocols SSLv3 TLSv1;
ssl_ciphers AES128-SHA:RC4-SHA:AES256-SHA:DES-CBC3-SHA:ECDH-RSA-RC4-SHA:ECDH-ECDSA-RC4-SHA:!MD5:!ADH:!DH:!PSK:!SSLv2;
ssl_prefer_server_ciphers on;
access_log /var/log/nginx/ssl.my.mysite.com.access.log main;
location ~ /\.ht {
deny all;
}
location ~* ^.+\.(jpg|jpeg|gif|png|svg|js|css|mp3|ogg|mpe?g|avi|zip|gz|bz2?|rar|js|ico|gif|swf|flv|htm|htc|cur|pdf|ttf|woff|eot)$ {
expires max;
root /home/mysite/publics/public_my;
}
location / {
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header HTTPS on;
proxy_pass http://127.0.0.1:8080;
}
}



Зеркало:
DNS:
mymirror.com y.y.y.154
my.mymirror.com y.y.y.155
nginx:
server {
listen yyy.yyy.yyy.154:80 ;
server_name .mymirror.com;
access_log /var/log/nginx/mymirror.com.access.log;
error_log /var/log/nginx/mymirror.com.error.log;
location / {
root /var/www/mymirror.com;
try_files $uri @static;
}
location @static {
include 'mymirror.com.conf';
proxy_cookie_domain mysite.com mymirror.com;
proxy_set_header Accept-Encoding "";
proxy_set_header Host www.mysite.com;
proxy_pass http://www.mysite.com;
proxy_redirect http://www.mysite.com http://mymirror.com;
proxy_redirect https://www.mysite.com https://mymirror.com;
}
}
server {
listen yyy.yyy.yyy.155:443 ssl;
server_name my.mymirror.com www.my.mymirror.com;
access_log /var/log/nginx/mymirror.com.access.log;
error_log /var/log/nginx/mymirror.com.error.log;
location / {
root /var/www/my.mymirror.com;
try_files $uri @static;
}
location @static {
include 'my.mymirror.com.conf';
proxy_cookie_domain my.mysite.com my.mymirror.com;
proxy_set_header Accept-Encoding "";
proxy_set_header Host my.mysite.com;
proxy_pass https://my.mysite.com;
proxy_redirect https://my.mysite.com https://my.mymirror.com;
proxy_redirect http://www.mysite.com http://mymirror.com;
proxy_redirect https://www.mysite.com https://mymirror.com;
}
}
}

mymirror.com проксится великолепно, при переходе на my.mymirror.com Ошибка подключения SSL
Subject Author Posted

Проксирование https-сайта

gadstwo@gmail.com December 02, 2013 04:46AM

Re: Проксирование https-сайта

Dmitriy_K December 03, 2013 07:15AM

Re: Проксирование https-сайта

gadstwo@gmail.com December 04, 2013 08:06AM

Re: Проксирование https-сайта

Dmitriy_K December 04, 2013 08:31AM

Re: Проксирование https-сайта

Васильев "Zmey!" Олег December 06, 2013 05:04AM

Re: Проксирование https-сайта

Dmitriy_K December 06, 2013 03:20PM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 335
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready