Nginx SSL反代谷歌搜索

1.材料

1.SSL证书 一枚
2.国外VPS 一只
3.域名 一只

2.演示环境

1.ramnode家小鸡
2.centos6 64bit
3.nginx

3.步骤

1.安装Nginx

cd /etc/yum.repos.d/
vi nginx.repo
[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/centos/6/$basearch/
gpgcheck=0
enabled=1
yum install nginx -y

2.新建nginx的主机conf文件.假设你的域名为g.a.com

touch /etc/nginx/conf.d/g.a.com.conf

3.在新建的g.a.com.conf文件中写入下列内容.注意证书位置和你的域名g.a.com

server {
        listen              443 ssl;
        listen              80;
        server_name         g.a.com;
        ssl on;
        ssl_certificate   encrypt/g.a.com.crt;#SSL证书位置
        ssl_certificate_key  encrypt/g.a.com.key;#SSL证书位置
        ssl_session_timeout 5m;
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers on;
        #access_log  logs/google.access.log;#可自行选择是否开启日志
        location / {
            proxy_pass https://www.google.com.hk;
            proxy_redirect ~^https://www.google.com.hk(.*)   https://g.a.com$1;
            proxy_redirect ~^https://www.google.com(.*)   https://g.a.com$1;
        }
        error_page 497  https://$host$uri?$args;  
    }

4.新建目录encrypt 将你对应证书的修改好名字和后缀放进去。

mkdir /etc/nginx/encrypt

5.重启Nginx

service nginx restart

6.解析域名g.a.com到该VPS

4.补充

如果你也用的ramnode家的小鸡,请在重启nginx之前,干掉自带的httpd服务。


谷歌搜索Nginx