nginx SSL 反向代理

场景

  • nginx 本身启用 SSL 双向认证(客户端必须提供证书)
  • 将请求反向代理到一个 HTTP 链接(后端为明文 HTTP)

nginx.conf配置

server {  
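        listen       443 ssl;
        server_name  xxx.xxx.com;

        # NOTE(review): SSI is enabled for the whole server, so every location
        # below inherits it, including proxied ones. Confirm this is intended:
        # upstream content that echoes user input would be parsed for SSI
        # directives. Scope "ssi on" to the locations that need it if possible.
        ssi on;
        ssi_silent_errors on;

        # Server identity presented to clients. The private key should be
        # readable only by the account that starts nginx.
        ssl_certificate /usr/local/nginx/conf/sslkey/server.crt;
        ssl_certificate_key /usr/local/nginx/conf/sslkey/server.key;

        # Mutual TLS: a request is served only if the client presents a
        # certificate that chains to a CA in ca.crt. Keep ca.crt limited to the
        # CA(s) that issue your client certificates, not a public CA bundle.
        ssl_client_certificate /usr/local/nginx/conf/sslkey/ca.crt;
        ssl_verify_client on;
        # NOTE(review): ssl_verify_depth keeps its default of 1 here; raise it if
        # client certificates are issued by an intermediate CA. No ssl_crl is
        # configured, so a revoked client certificate is still accepted until
        # it expires; add "ssl_crl <path-to-crl.pem>;" if revocation matters.

        ssl_session_timeout 5m;

        # TLSv1 and TLSv1.1 are deprecated (RFC 8996) and are no longer offered.
        # TLSv1.3 needs nginx >= 1.13.0 built against OpenSSL >= 1.1.1; drop it
        # from this line on older builds.
        ssl_protocols TLSv1.2 TLSv1.3;

        # Forward-secret AEAD suites only. The previous list also matched the
        # broad "AES" and "HIGH" groups, which admit static-RSA key exchange
        # and CBC-mode suites. This directive governs TLS 1.2 and below; widen
        # it deliberately if a known legacy client cannot negotiate these.
        ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;

        ssl_prefer_server_ciphers on;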

# Default location. Its directives are elided in the original ("....." is a
# placeholder, not nginx syntax). The server-level "ssl_verify_client on"
# applies to requests handled here as well.
location /{  
.....

}
# Forwards /test_ssl/ to a plain-HTTP upstream once nginx has terminated TLS
# and checked the client certificate (ssl_verify_client is set on the server).
# NOTE(review): the hop to the upstream is unencrypted and carries no proof of
# the client certificate. The upstream should accept connections only from
# this proxy, otherwise the mutual-TLS check can be bypassed by reaching it
# directly. If the upstream needs the caller's identity, pass it explicitly
# (e.g. from $ssl_client_s_dn) so a client-supplied header cannot stand in.
location /test_ssl/ {
    # Dedicated log files for this location.
    access_log  /data/logs/xxx.com.acc.log.ssl;
    error_log   /data/logs/xxx.com.err.log.ssl;

    # No URI part on proxy_pass, so the request URI is forwarded unchanged.
    proxy_pass  http://xxx.xxx.com;

    # Tell the upstream which host, port and scheme the client used.
    proxy_set_header   Host              $host:443;
    proxy_set_header   X-Forwarded-Proto https;

    # Client address as seen by nginx; this value is not client-controlled.
    proxy_set_header   X-Real-IP         $remote_addr;
    # $proxy_add_x_forwarded_for appends $remote_addr to any X-Forwarded-For
    # the client sent, so only the last entry is vouched for by this proxy.
    proxy_set_header   X-Forwarded-For   $proxy_add_x_forwarded_for;
}