nginx ssl http auth proxy pass howto

 

nginx編譯支持SSL

 

./configure --with-http_ssl_module

生成ssl證書

 

cd /usr/local/nginx/conf
openssl genrsa -des3 -out server.key 1024
openssl req -new -key server.key -out server.csr
cp server.key server.key.org
openssl rsa -in server.key.org -out server.key
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

nginx啓用ssl

 

ssl on;
ssl_certificate /usr/local/nginx/conf/server.crt;
ssl_certificate_key /usr/local/nginx/conf/server.key;

生成htpasswd文件

 

htpasswd -c /usr/local/nginx/conf/passwd test

nginx啓用httpauth

 

auth_basic              "111111";
uth_basic_user_file  /usr/local/nginx/conf/passwd;

nginx啓用反向代理

 

proxy_pass   https://127.0.0.1:10000;

最後的nginx.conf以下

 

user  nobody;
worker_processes  1;
events {
    worker_connections  1024;
}
http {
    include       mime.types;
    default_type  application/octet-stream;
    sendfile        on;
    keepalive_timeout  65;
    gzip  on;
    server {
        listen       443;
        server_name  localhost;
ssl                  on;
       ssl_certificate      server.crt;
      ssl_certificate_key  server.key;
        ssl_session_timeout  5m;
        ssl_protocols  TLSv1;
        ssl_ciphers  HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers   on;
        location / {
           root   html;
            index  index.html index.htm;
                        auth_basic              "111111";
                        auth_basic_user_file  /usr/local/nginx/conf/passwd;
            proxy_pass   https://127.0.0.1:10000;
        }
        error_page   500 502 503 504  /50x.html;
    }
}