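What is a reverse proxy? It relays requests through an intermediate server to reach the final destination server. Think of a hotel telephone: you want to call a room but don't know the room number, so you call the front desk and the front desk transfers you to the room. A reverse proxy works the same way; its main purpose is to hide the real address of the destination server. I struggled with this many times without getting it to work and have been looking up material online to learn; after countless attempts I finally got it working, so I am recording the process here for future reference.
I have a blog of my own with HTTPS enabled. Reverse proxying comes in two cases, HTTP and HTTPS; let's go through them one at a time.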
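Suppose you want to use b.com to reverse-proxy a.com.
[qgg_green]HTTP mirror[/qgg_green]
An HTTP mirror applies when: you chose not to enable an SSL certificate when adding the virtual host, and the mirrored domain has no SSL certificate enabled either.
Open /usr/local/nginx/conf/vhost
Find b.com.conf and download it to your local machine
Open b.com.conf, delete all of its contents, then copy the following into b.com.conf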
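server {
    listen 80;
    server_name b.com;

    # Refuse search-engine crawlers so the mirror is not indexed.
    # The pattern must not contain spaces, or nginx rejects the condition.
    if ($http_user_agent ~* (baiduspider|360spider|haosouspider|googlebot|soso|bing|sogou|yahoo|sohu-search|yodao|YoudaoBot|robozilla|msnbot|MJ12bot|NHN|Twiceler)) {
        return 403;
    }

    location / {
        # Rewrite every occurrence of the mirrored domain in response bodies
        sub_filter a.com b.com;
        sub_filter_once off;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Referer http://a.com;
        proxy_set_header Host a.com;
        proxy_pass http://a.com;
        # Request uncompressed responses so sub_filter can rewrite them
        proxy_set_header Accept-Encoding "";
    }
}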
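Then change a.com in the code above to the site being mirrored, and b.com to the domain used for the mirror.
The example omits the www prefix; if your domain uses www, adjust accordingly.
Save the changes and upload the modified b.com.conf to the server, overwriting the original.
[qgg_yellow]Then run nginx -s reload to reload the nginx configuration.[/qgg_yellow]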
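[qgg_green]HTTPS mirror[/qgg_green]
An HTTPS mirror applies when: you chose to enable an SSL certificate when adding the virtual host, and the mirrored domain also has an SSL certificate enabled.
Open /usr/local/nginx/conf/vhost
Find b.com.conf and download it to your local machine
Open b.com.conf, copy the certificate settings shown below from it (some values differ depending on the domain), and save them to a separate document: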
# ssl on;   (obsolete; "listen 443 ssl" already enables TLS, so leave this line out)
ssl_certificate /etc/letsencrypt/live/b.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/b.com/privkey.pem;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers "EECDH+CHACHA20:EECDH+CHACH:RSA+3DES:!MD5";
ssl_session_cache builtin:1000 shared:SSL:10m;
# openssl dhparam -out /usr/local/nginx/conf/ssl/dhparam.pem 2048
ssl_dhparam /usr/local/nginx/conf/ssl/dhparam.pem;
Then empty b.com.conf and copy everything below into the emptied b.com.conf
server {
    listen 80;
    listen 443 ssl;
    # A: the mirror domain
    server_name b.com;
    index index.html index.htm index.php default.html default.htm default.php;
    root b.com;

    # B: certificate settings
    # "ssl on;" is left out: together with "listen 80" it makes the plain-HTTP
    # port expect TLS, which breaks the redirect below; "listen 443 ssl" is enough.
    ssl_certificate /etc/letsencrypt/live/b.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/b.com/privkey.pem;
    ssl_session_timeout 5m;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_ciphers "EECDH+CHACHA20:EECDH+CHACH:RSA+3DES:!MD5";
    ssl_session_cache builtin:1000 shared:SSL:10m;
    # openssl dhparam -out /usr/local/nginx/conf/ssl/dhparam.pem 2048

    # Redirect plain HTTP to HTTPS
    if ( $scheme = http ){
        return 301 https://$server_name$request_uri;
    }

    # Refuse search-engine crawlers so the mirror is not indexed.
    # The pattern must not contain spaces, or nginx rejects the condition.
    if ($http_user_agent ~* (baiduspider|360spider|haosouspider|googlebot|soso|bing|sogou|yahoo|sohu-search|yodao|YoudaoBot|robozilla|msnbot|MJ12bot|NHN|Twiceler)) {
        return 403;
    }

    # C: mirror domain and mirrored domain
    location / {
        # Rewrite every occurrence of the mirrored domain in response bodies
        sub_filter a.com b.com;
        sub_filter_once off;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Referer https://a.com;
        proxy_set_header Host a.com;
        proxy_pass https://a.com;
        # Request uncompressed responses so sub_filter can rewrite them
        proxy_set_header Accept-Encoding "";
    }
}
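Edit the three places marked A, B and C:
At A, replace b.com with the domain you are using for the mirror.
At B, delete the contents of B and paste in the certificate settings you saved separately earlier.
At C, replace b.com with the domain you are using for the mirror, and replace a.com with the domain being mirrored.
The example omits the www prefix; if your domain uses www, adjust accordingly. Save the changes and upload the modified b.com.conf to the server, overwriting the original.
[qgg_yellow]Finally, run nginx -s reload to reload nginx so the changes take effect.[/qgg_yellow]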
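The vhost files above can be audited before the reload. The following is an added example, not part of the original post: it flags the legacy TLS versions, the 3DES suite, `ssl on` next to a plain `listen 80`, and an HTTPS `proxy_pass` without `proxy_ssl_verify on` (nginx does not verify the upstream certificate by default). The finding names, function names and the simplified parser are assumptions of this example, and the sample input is constructed from the page's HTTPS config.

```python
import re

# Constructed sample: the HTTPS mirror vhost from this page, reduced to the
# directives the checks below inspect.
SAMPLE_VHOST = '''
server {
    listen 80;
    listen 443 ssl;
    server_name b.com;
    ssl on;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers "EECDH+CHACHA20:EECDH+CHACH:RSA+3DES:!MD5";
    location / {
        proxy_set_header Host a.com;
        proxy_pass https://a.com;
    }
}
'''

def directives(conf):
    """Map directive name -> list of argument strings.
    Simplified parser (assumption): no ';', '{' or '}' inside quoted values."""
    found = {}
    for stmt in re.split(r"[;{}]", re.sub(r"#[^\n]*", "", conf)):
        parts = stmt.split(None, 1)
        if len(parts) == 2:
            found.setdefault(parts[0], []).append(parts[1].strip())
    return found

def audit_vhost(conf):
    """Return a sorted list of finding ids (hypothetical names) for one server block."""
    d, findings = directives(conf), set()
    protocols = " ".join(d.get("ssl_protocols", [])).split()
    if {"TLSv1", "TLSv1.1"} & set(protocols):
        findings.add("legacy-tls-protocol")         # deprecated by RFC 8996
    for spec in d.get("ssl_ciphers", []):
        suites = spec.strip("\"'").split(":")
        if any("3DES" in s and not s.startswith(("!", "-")) for s in suites):
            findings.add("3des-cipher-enabled")     # 64-bit block cipher
    if "on" in d.get("ssl", []) and any("ssl" not in a.split() for a in d.get("listen", [])):
        findings.add("ssl-on-with-plain-listen")    # plain port would expect TLS
    if any(a.startswith("https://") for a in d.get("proxy_pass", [])) \
            and "on" not in d.get("proxy_ssl_verify", []):
        findings.add("upstream-cert-not-verified")  # proxy_ssl_verify defaults to off
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit_vhost(SAMPLE_VHOST):
        print(finding)
```

Turning on `proxy_ssl_verify` also requires `proxy_ssl_trusted_certificate` pointing at a CA bundle, otherwise the proxied request fails verification.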