ini 使用nginx代理AWS ELB

Posted

tags:

篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了ini 使用nginx代理AWS ELB相关的知识,希望对你有一定的参考价值。

daemon off;

worker_processes 1;

events { worker_connections 1024; }

http{

sendfile on;

    server {
        ### server port and name ###
        listen          80;
        server_name     nginx;

        resolver 8.8.8.8 valid=10s;
        resolver_timeout 10s;

        ### log files ###
        access_log      logs/access.log;
        error_log       logs/error.log;

        location / {
                set $awsilb "internal-ILB-name-123456789.us-east-1.elb.amazonaws.com";
                proxy_pass  http://$awsilb;

                ### force timeouts if one of backend is died ##
                proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;

                ### Set headers ####
                proxy_set_header        Accept-Encoding   "";
                proxy_set_header        Host            $host;
                proxy_set_header        X-Real-IP       $remote_addr;
                proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;

                ### Most PHP, Python, Rails, Java App can use this header ###
                #proxy_set_header X-Forwarded-Proto https;##
                #This is better##
                proxy_set_header        X-Forwarded-Proto $scheme;
                add_header              Front-End-Https   on;

                ### By default we don't want to redirect it ####
                proxy_redirect     off;
        }
    }

    server {
        ### server port and name ###
        listen          443;
        ssl             on;
        server_name     nginx.ssl;

        resolver 8.8.8.8  valid=10s;
        resolver_timeout 10s;

        ### SSL log files ###
        access_log      logs/ssl-access.log;
        error_log       logs/ssl-error.log;

        ### SSL cert files ###
        ssl_certificate      ssl/ssl.crt;
        ssl_certificate_key  ssl/ssl.key;

        ### Add SSL specific settings here ###


        ssl_protocols        SSLv3 TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers RC4:HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers on;
        keepalive_timeout    60;
        ssl_session_cache    shared:SSL:10m;
        ssl_session_timeout  10m;

        ### We want full access to SSL via backend ###
        location / {
                set $awsilb "internal-ILB-name-123456789.us-east-1.elb.amazonaws.com";
                proxy_pass  http://$awsilb;

                ### force timeouts if one of backend is died ##
                proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;

                ### Set headers ####
                proxy_set_header        Accept-Encoding   "";
                proxy_set_header        Host            $host;
                proxy_set_header        X-Real-IP       $remote_addr;
                proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;

                ### Most PHP, Python, Rails, Java App can use this header ###
                #proxy_set_header X-Forwarded-Proto https;##
                #This is better##
                proxy_set_header        X-Forwarded-Proto $scheme;
                add_header              Front-End-Https   on;


                ### By default we don't want to redirect it ####
                proxy_redirect     off;
        }
    }
}

以上是关于ini 使用nginx代理AWS ELB的主要内容,如果未能解决你的问题,请参考以下文章

使用 AWS(ELB、Kubernetes Nginx 和 ACM)配置 HSTS

直接将 AWS ELB 与 Gunicorn 一起使用(没有 nginx)有啥缺点?

通过 AWS 上的 ELB 在 Kubernetes 上公开单个 Kafka 代理

使用HTTPS配置gitlab omnibus,无需在AWS上使用nginx证书

TCP 模式下基于 AWS ELB 的 HTTP2

在 nginx-config.yaml 中设置 HTTP 到 HTTPS 重定向(在 AWS ELB 中终止 SSL + NGINX Ingress 进行路由)