
More than 5 years have passed since last update.

Running subdomains with nginx as an SSL accelerator + reverse proxy

TL;DR

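  • I run several servers on Docker installed on an Azure VM
  • Until now I connected to them via the same hostname with different port numbers
  • The number of hosts has grown and managing them by port number is clumsy, so I want to move to subdomains behind an nginx reverse proxy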

nginx configuration

  • HTTP is forcibly redirected to HTTPS
  • proxy_pass points at the Docker host (I wonder if there's a better way...)
/etc/nginx/conf.d/default.conf
ssl_certificate     /etc/nginx/conf.d/nomupro.com.crt;
ssl_certificate_key /etc/nginx/conf.d/nomupro.com.key;
ssl_prefer_server_ciphers on;
ssl_session_cache    shared:SSL:10m;
ssl_session_timeout  5m;
# TLSv1 and TLSv1.1 are deprecated (RFC 8996); enable TLS 1.2 and 1.3 only
ssl_protocols  TLSv1.2 TLSv1.3;
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128:AES256:AES:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK';


proxy_next_upstream error timeout;
proxy_set_header Host              $host;
proxy_set_header X-Real-IP         $remote_addr;
proxy_set_header X-Forwarded-For   $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
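# X-Forwarded-Port should carry the port the client connected to;
# $remote_port is the client's source port, so use $server_port
proxy_set_header X-Forwarded-Port  $server_port;
proxy_set_header X-Forwarded-User  $remote_user;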
port_in_redirect                   off;
add_header      Front-End-Https    on;
server_tokens off;

server {
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name _;
    return 301 https://$host$request_uri;
}
# default
server {
    listen    443 ssl default_server;
    server_name _;
    location / {
        root   /usr/share/nginx/html;
        index  index.html index.htm;
    }
}
# zabbix
server {
    listen    443 ssl;
    server_name zabbix.nomupro.com;
    location / {
        proxy_pass http://172.17.0.1:8080;
    }
}
# phpmyadmin
server {
    listen    443 ssl;
    server_name pma.nomupro.com;
    location / {
        proxy_pass http://172.17.0.1:8081;
        allow 192.168.0.0/16;
        deny all;
    }
}
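
As an added example (not part of the original post), the Python script below audits directives like the ones in this default.conf for settings worth reviewing: deprecated TLS versions, weak cipher tokens, an X-Forwarded-Port built from $remote_port, and proxied vhosts without an allow/deny restriction. The function name `audit`, the check IDs and the shortened sample config are constructed for illustration.

```python
import re

# Constructed sample modelled on this page's default.conf (cipher list shortened).
SAMPLE_CONF = """
ssl_protocols  TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:AES128:DES-CBC3-SHA:HIGH:!aNULL:!DES:!RC4:!MD5';
proxy_set_header X-Forwarded-Port  $remote_port;
server {
    server_name zabbix.nomupro.com;
    location / { proxy_pass http://172.17.0.1:8080; }
}
server {
    server_name pma.nomupro.com;
    location / {
        proxy_pass http://172.17.0.1:8081;
        allow 192.168.0.0/16;
        deny all;
    }
}
"""

DEPRECATED_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}  # TLS 1.0/1.1: RFC 8996
WEAK_CIPHER_MARKERS = ("DES-CBC3", "3DES", "RC4", "MD5", "NULL", "EXPORT")

def audit(conf):
    """Return sorted (check_id, detail) findings for an nginx config string."""
    findings = []
    for m in re.finditer(r"^\s*ssl_protocols\s+([^;]+);", conf, re.M):
        for proto in set(m.group(1).split()) & DEPRECATED_PROTOCOLS:
            findings.append(("deprecated-protocol", proto))
    for m in re.finditer(r"^\s*ssl_ciphers\s+'?([^';]+)'?;", conf, re.M):
        for token in m.group(1).split(":"):
            # A leading "!" removes a cipher, so only positively listed tokens count.
            if not token.startswith("!") and any(w in token for w in WEAK_CIPHER_MARKERS):
                findings.append(("weak-cipher", token))
    # $remote_port is the client's ephemeral source port, not the port nginx listens on.
    if re.search(r"X-Forwarded-Port\s+\$remote_port\s*;", conf):
        findings.append(("forwarded-port", "$remote_port"))
    # Informational: list proxied vhosts with no "deny all" so the exposure is a conscious choice.
    for block in re.split(r"^server\s*\{", conf, flags=re.M)[1:]:
        name = re.search(r"server_name\s+([^;]+);", block)
        if "proxy_pass" in block and not re.search(r"^\s*deny\s+all\s*;", block, re.M):
            findings.append(("no-ip-restriction", name.group(1) if name else "?"))
    return sorted(findings)

if __name__ == "__main__":
    for check_id, detail in audit(SAMPLE_CONF):
        print(f"{check_id}: {detail}")
```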

Docker command

docker run -d -it -p 80:80 -p 443:443 --restart=always -h nginx --name nginx -v "$(pwd)/nginx-conf/:/etc/nginx/conf.d/" -v "$(pwd)/html/:/usr/share/nginx/html" nginx

