172
Help us understand the problem. What are the problem?

More than 5 years have passed since last update.

posted at

nginx で SSL解きリバースプロキシな設定のお作法

フロントでSSL解いてリバースプロキシってのは割と良く作るのだけど、あれれ...?

nginx, ときどき httpd で出来てたことが出来なくて「えっ?」てなる。今後のためにメモ。

nginx.conf
server {
       listen         80;
       server_name    www.example.com;
       rewrite        ^ https://$http_host$request_uri? permanent;
}

server {
       listen         443;
       server_name    www.example.com;

       ssl on;
       ssl_certificate ...
       ssl_certificate_key ...

       :
       location / {
             proxy_set_header Host $host;
             proxy_set_header X-Real-IP $remote_addr;
             proxy_set_header X-Forwarded-Proto https;
             proxy_set_header X-Forwarded-Host $host;
             proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

             proxy_pass http://backend.example.com/;
             proxy_redirect http:// https://;
       }
}

ポイントは proxy_redirect http:// https://; の行。後ろが頭のいい奴(例:Rails)だと、X-Forwarded-Proto を見てよしなにヘッダを吐いてくれるんだけど、X-Forwarded-Proto 見てくれない奴が裏側にいる場合には、これで Location ヘッダなんかを強制的に https:// に書き換える必要がある。

apache httpd で言うところの ProxyPassReverse ですな。こっちの方が融通利くみたい。

ちなみに nginx の $http_host と $host は同じようでいて微妙に違うらしい > ネタ元

Why not register and get more from Qiita?
  1. We will deliver articles that match you
    By following users and tags, you can catch up information on technical fields that you are interested in as a whole
  2. you can read useful information later efficiently
    By "stocking" the articles you like, you can search right away
Sign upLogin
172
Help us understand the problem. What are the problem?