使用Nginx Proxy Manager反代Http/Https
使用Nginx Proxy Manager反代Http/Https
About
之前是手搓nginx反代,现在换到nginx proxy manager能更方便的管理ssl证书,遂写了一篇备忘录记录细节,如果对你有帮助那就太好了。
1.反代Http(示例code-server)
使用缺省配置无法正常反代ws会出现websocket 1006
https://github.com/NginxProxyManager/nginx-proxy-manager/issues/2736
Hosts->Proxy Hosts->Add Proxy Hosts
默认配置如图
SSL选择你的域名证书,很简单不贴图了,重点是Advanced设置的Custom Nginx Configuration,按需替换[YOUR_SERVER_IP]和[YOUR_DOMAIN],重启一下host就可以正常访问code-server了。
location /
{
proxy_pass http://[YOUR_SERVER_IP]:80;
proxy_set_header Host [YOUR_DOMAIN]:443;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header REMOTE-HOST $remote_addr;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_connect_timeout 60;
proxy_send_timeout 90;
proxy_read_timeout 90;
proxy_buffer_size 4k;
proxy_buffers 4 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;
add_header X-Cache $upstream_cache_status;
}
2.反代https(示例mikanani.me)
因为mikanani在中国大陆无法正常访问例如rss服务,所以需要一个反代,部署在自己服务器上更方便直连速度更快所以没有使用CF Worker。
配置正常填写无其他需要更改的地方,和反代http一样
Advanced设置的Custom Nginx Configuration需要自定义,正常配置nginx反代,需要用sub_filter替换掉所有的mikanani.me为你的域名,必须关闭压缩(sub_filter无法替换压缩后xml中的mikanani.me,会导致rss下种子还是从源服务器下)。
location / {
proxy_pass https://mikanani.me;
proxy_set_header Referer https://mikanani.me;
proxy_set_header Host mikanani.me;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_ssl_server_name on;
sub_filter 'mikanani.me' 'yourdomain.com'; //替换yourdomain.com
sub_filter_once off;
sub_filter_types *;
add_header 'Cache-Control' 'no-cache, no-store, must-revalidate';
add_header 'Pragma' 'no-cache';
add_header 'Expires' '0';
proxy_set_header Accept-Encoding "";
}