印象中都是用 a.comf 去反代 b.com ,那么问题来了,想 a.com 反代 a.com 应该怎么弄?
还有一个小问题,用加拿大服务器做后端,香港 VPS 反代做前端,不知道速度会不会提高一些
2
alect 2015-11-05 14:35:58 +08:00
多层反代我就在用,直接改 host 指向即可,速度会提升的。
|
3
msg7086 2015-11-05 14:42:53 +08:00 via Android
反代地址写主机 ip
|
4
arnofeng 2015-11-05 14:51:44 +08:00 via Android
我也这么做了。效果很好。两个 64vps 反代。见 blog.adminhost.org 。先正常解析,然后再解析到 nginx 机器上。
|
5
liyvhg 2015-11-05 14:57:36 +08:00
用不同的端口可以一层一层反代下去
|
6
coagent 2015-11-05 15:02:35 +08:00
我就反代了一个站,外面的 DNS 解析指向香港机器的 IP ,实际机器在美国,香港机器 nginx 里用 IP 去连美国的机器, upstream 里写 IP 地址,香港机器 host 都不用弄。
|
7
Adminmaster OP @arnofeng 那 SSL 应该怎么整,我弄了下,证书显示不对
|
8
arnofeng 2015-11-05 15:14:06 +08:00
@Adminmaster 一样的整啊。配置 nginx 的 ssl 你看我的 https://www.blofeng.com 反代的
|
9
arnofeng 2015-11-05 15:15:10 +08:00
|
11
ryd994 2015-11-05 15:25:00 +08:00 via Android
|
12
Adminmaster OP @arnofeng 我 proxy_pass 那边填 http://ip 不能访问 ,填 https:ip 能访问,但是证书不识别。- -
|
13
clanned 2015-11-05 15:33:31 +08:00 via Android
我是这么弄的
dnsmasq 配置 address=/.example.com real-server-ip nginx http 里 resolver 127.0.0.1 |
14
arnofeng 2015-11-05 15:34:46 +08:00
@Adminmaster
##blogfeng start server { listen 80; server_name www.blogfeng.com blogfeng.com; location / { proxy_redirect http://www.blogfeng.com/ /; proxy_pass http://*******; proxy_connect_timeout 60s; proxy_read_timeout 5400s; proxy_send_timeout 5400s; proxy_set_header Host "www.blogfeng.com"; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto http; proxy_set_header Accept-Encoding ""; proxy_set_header User-Agent $http_user_agent; } } server { listen 443; server_name www.blogfeng.com blogfeng.com; ssl on; ssl_certificate /etc/ssl/private/1_blogfeng.com_bundle.crt; ssl_certificate_key /etc/ssl/private/2_blogfeng.com.key; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:ECDHE-RSA-AES128-SHA256:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!DSS:!PKS; ssl_prefer_server_ciphers on; ssl_session_cache shared:SSL:10m; ssl_session_timeout 10m; location / { proxy_redirect http://www.blogfeng.com/ /; proxy_pass http://*********; proxy_connect_timeout 60s; proxy_read_timeout 5400s; proxy_send_timeout 5400s; proxy_set_header Host "www.blogfeng.com"; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto http; proxy_set_header Accept-Encoding ""; proxy_set_header User-Agent $http_user_agent; } } ##blogfeng end |
15
Adminmaster OP @arnofeng 我的 conf 这样设置不知道是不是不对的:
server { listen 80; server_name abc.com www.abc.com; return 301 https://abc.com$request_uri; } server { listen 443 ssl http2; server_name abc.com www.abc.com; ssl_certificate /etc/ssl/vhost/abc_com.crt; ssl_certificate_key /etc/ssl/vhost/abc_com.key; ssl_prefer_server_ciphers on; keepalive_timeout 60; ssl_session_cache shared:SSL:10m; ssl_session_timeout 10m; ssl_dhparam /etc/ssl/certs/dhparam.pem; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_stapling on; ssl_stapling_verify on; ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4"; add_header Strict-Transport-Security max-age=63072000; add_header X-Frame-Options DENY; add_header X-Content-Type-Options nosniff; location / { proxy_pass http://ip; proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504; proxy_set_header Accept-Encoding ""; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; add_header Front-End-Https on; proxy_redirect off; } } |
16
Adminmaster OP |
17
arnofeng 2015-11-05 17:26:15 +08:00 via Android
@Adminmaster 。。。兄弟 不谷歌吗 你要手把手交的话 还是别折腾了。请人搞吧。
|
18
Adminmaster OP @arnofeng 主要是平时都是 a 代 b ,突然蒙逼了哈。。
|
20
Slienc7 2015-11-05 18:13:47 +08:00
直接转发端口即可,反代浪费资源
|
21
Andy1999 2015-11-05 18:23:15 +08:00 via iPhone
一行 host 的事情……
|
23
Adminmaster OP @xgowex 已经用了 upstream 方案,搞定。
|