nginx ssl http auth proxy pass howto

有一个场景需要给一个没有HTTP AUTH身份验证和SSL,在网上搜了搜,用nginx折腾了下,做个笔记。

生成ssl证书

1
2
3
4
5
6
cd /usr/local/nginx/conf
openssl genrsa -des3 -out server.key 1024
openssl req -new -key server.key -out server.csr
cp server.key server.key.org
openssl rsa -in server.key.org -out server.key
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

nginx启用ssl

1
2
3
ssl on;
ssl_certificate /usr/local/nginx/conf/server.crt;
ssl_certificate_key /usr/local/nginx/conf/server.key;

生成htpasswd文件

1
htpasswd -c /usr/local/nginx/conf/passwd test

nginx启用httpauth

 
1
2
auth_basic “111111”;
auth_basic_user_file /usr/local/nginx/conf/passwd;

nginx启用反向代理

 
1
proxy_pass https://127.0.0.1:10000;

最后的nginx.conf如下

 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
user nobody;
worker_processes 1;
 
events {
worker_connections 1024;
}
 
http {
include mime.types;
default_type application/octet-stream;
 
sendfile on;
 
keepalive_timeout 65;
 
gzip on;
 
server {
listen 443;
server_name localhost;
ssl on;
ssl_certificate server.crt;
ssl_certificate_key server.key;
 
ssl_session_timeout 5m;
 
ssl_protocols TLSv1;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
 
location / {
root html;
index index.html index.htm;
auth_basic “111111”;
auth_basic_user_file /usr/local/nginx/conf/passwd;
proxy_pass https://127.0.0.1:10000;
}
 
error_page 500 502 503 504 /50x.html;
 
}
 
}
转自:http://baoz.net/nginx-ssl-http-auth-proxy-pass-howto/
此条目发表在服务器相关分类目录,贴了, 标签。将固定链接加入收藏夹。