1. 首頁
  2. 問答
  3. 我如何使用HttpSubsModule糾正Nginx的Tumblr反向代理

我如何使用HttpSubsModule糾正Nginx的Tumblr反向代理

2014-10-31 62 views
1

我正在使我自己的域名使用SSL/https(https://example.com),並顯示沒有Tumblr URL(example.tumblr.com)的我的Tumblr博客。我如何使用HttpSubsModule糾正Nginx的Tumblr反向代理

HttpSubsModule(技術渭濱姚明)已經被添加到Nginx的,和/ etc/nginx的/網站可用/反向代理下列要求:發生

server 
{ 
listen 443; 
server_name example.com; 




ssl on; 
ssl_certificate /root/example_com.crt; 
ssl_certificate_key /root/example.key; 
ssl_protocols SSLv3 TLSv1; 
ssl_ciphers ALL:-ADH:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP; 


location/{ 
subs_filter_types text/html text/css text/xml; 
subs_filter example.tumblr.com example.com g; 
proxy_redirect http://example.tumblr.com/ /; 
proxy_redirect off; 
proxy_set_header X-Real-IP $remote_addr; 
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 
proxy_set_header Host "example.tumblr.com"; 
proxy_set_header Accept-Encoding ""; 
proxy_pass http://example.tumblr.com; 

} 

} 

server 
{ 
listen 80; 
server_name example.com; 
rewrite ^(.*) https://example.com/$1 permanent; 


}

2問題: ①登錄Chrome瀏覽器混合加載時檢測到的內容https://example.com, ②單擊任何圖像時404未找到。

任何想法我在這裏做錯了嗎?非常感謝。

來源

2014-10-31 Yin

+0

通過使用dotdeb.org的nginx與nginx-full。 – Yin 2014-10-31 08:01:00

回答

0

網站能夠與如下配置一起很好地工作:

server { 
listen 443 ssl spdy; 
server_name example.org; 

ssl on; 
ssl_certificate /etc/nginx/ssl/example_org.crt; 
ssl_certificate_key /etc/nginx/ssl/example_org.key; 
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; 
add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload;"; 

ssl_prefer_server_ciphers on; 
ssl_dhparam /etc/nginx/ssl/certs/dhparam.pem; 
ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4"; 
keepalive_timeout 70; 
ssl_session_cache shared:SSL:10m; 
ssl_session_timeout 10m; 

location/{ 
subs_filter_types text/css text/xml application/xhtml+xml application/xml; 
subs_filter 'example.tumblr.com' 'example.org' g; 
subs_filter 'http:' 'https:' g; 

proxy_set_header Accept-Encoding ""; 
proxy_set_header X-Real-IP $remote_addr; 
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 
proxy_set_header Host "example.tumblr.com"; 
proxy_pass   http://example.tumblr.com; 
proxy_ssl_session_reuse on; 

proxy_cache_key "$scheme://$host$request_uri"; 
proxy_cache cache_one; 
proxy_cache_valid 200 304 3h; 
proxy_cache_valid 301 1d; 
proxy_cache_valid any 10s; 
} 

} 

server { 
listen 80; 
server_name example.org www.example.org; 

location/{ 
return   301 https://$host$request_uri; 
} 
} 

server { 
listen  443; 
server_name www.example.org; 
return  301 https://example.org$request_uri; 
} 


server { 
listen  80; 
server_name 178.60.000.00; 
return  301 https://example.org$request_uri; 
}

在這種情況下,要注意的代碼subs_filter 'http:' 'https:' g;,這是代理儲備配置的關鍵代碼成功的。

來源

2016-01-07 21:04:12 Yin

相關問題

 相關問題