On 2013/4/20 10:45, yankai0219 wrote:
1閿熸枻鎷種ginx閿熸枻鎷蜂负涓
yankai0219
关于Nginx正向代理时不支持HTTPS的问题: 我查证以后,发现 Nginx的确不能正向代理HTTPS请求,因为不支持CONNECT方法。我使用的nginx-1.2.7版本。以下是我的分析: 1.在/src/http/ngx_http_core_module.c中的ngx_methods_names数组中没有CONNECT方法。
2.对于CONNECT的rfc解释: This specification reserves the method name CONNECT for use with a
proxy that can dynamically switch to being a tunnel (e.g. SSL
tunneling [44]). 4. HTTP CONNECT method的俄文邮件列表 http://forum.nginx.org/read.php?21,233607,233611#msg-233611
static ngx_http_method_name_t ngx_methods_names[] = {
{ (u_char *) "GET", (uint32_t) ~NGX_HTTP_GET },
{ (u_char *) "HEAD", (uint32_t) ~NGX_HTTP_HEAD },
{ (u_char *) "POST", (uint32_t) ~NGX_HTTP_POST },
{ (u_char *) "PUT", (uint32_t) ~NGX_HTTP_PUT },
{ (u_char *) "DELETE", (uint32_t) ~NGX_HTTP_DELETE },
{ (u_char *) "MKCOL", (uint32_t) ~NGX_HTTP_MKCOL },
{ (u_char *) "COPY", (uint32_t) ~NGX_HTTP_COPY },
{ (u_char *) "MOVE", (uint32_t) ~NGX_HTTP_MOVE },
{ (u_char *) "OPTIONS", (uint32_t) ~NGX_HTTP_OPTIONS },
{ (u_char *) "PROPFIND" , (uint32_t) ~NGX_HTTP_PROPFIND },
{ (u_char *) "PROPPATCH", (uint32_t) ~NGX_HTTP_PROPPATCH },
{ (u_char *) "LOCK", (uint32_t) ~NGX_HTTP_LOCK },
{ (u_char *) "UNLOCK", (uint32_t) ~NGX_HTTP_UNLOCK },
{ (u_char *) "PATCH", (uint32_t) ~NGX_HTTP_PATCH },
{ NULL, 0 }
};
|
yaoweibin
閿熺煫鍚э綇鎷烽敓鏂ゆ嫹閿熷壙鏂ゆ嫹閿熷壙锝忔嫹閿熸枻鎷烽敓鏂ゆ嫹閿熸枻鎷烽敓鏂ゆ嫹閿熸枻鎷烽敓鏂ゆ嫹閿熸枻鎷烽敓鏂ゆ嫹閿熸枻鎷烽敓鏂ゆ嫹閿熺粸鏂ゆ嫹閿熸枻鎷烽敓鏂ゆ嫹閿熸枻鎷烽敓鏂ゆ嫹閿熻鍖℃嫹閿熸枻鎷锋敮閿熻鐨勶綇鎷?br>
location / {
proxy_pass https://$host;
}
閿熸枻鎷锋寚閿熸枻鎷烽敓鏂ゆ嫹閿熸枻鎷烽敓鏂ゆ嫹閿熸枻鎷烽敓鏂ゆ嫹閿熼ズ?閿熸枻鎷稨TTP閿熷壙鍙h揪鎷烽敓??寮忛敓鏂ゆ嫹閿熸枻鎷烽敓鏂ゆ嫹閿熸枻鎷烽敓鏂ゆ嫹閿熸枻鎷烽敓閰?閿熸枻鎷烽敓鏂ゆ嫹閿熷壙鍙e嚖鎷烽敓缁為潻鎷烽敓鏂ゆ嫹閿熸枻鎷烽〉閿熸枻鎷烽敓鏂ゆ嫹閿熸枻鎷稨TTP閿熸枻鎷稨TTPS閿熸枻鎷烽敓鏂ゆ嫹閿熸枻鎷峰簲閿熸枻鎷烽敓瑙掕鎷锋敮閿熻鈽呮嫹
On 2013/4/20 22:38, yankai0219 wrote:
閿熸枻鎷烽敓鏂ゆ嫹Nginx閿熸枻鎷烽敓鏂ゆ嫹閿熸枻鎷烽敓缁炴唻鎷烽敓琛椦嶆嫹閿?HTTPS閿熸枻鎷烽敓鏂ゆ嫹閿熻В锛?br>
閿熸彮璇ф嫹璇侀敓鐨嗗悗锛屽嚖鎷烽敓鏂ゆ嫹 Nginx閿熸枻鎷风‘閿熸枻鎷烽敓鏂ゆ嫹閿熸枻鎷烽敓鏂ゆ嫹閿熸枻鎷烽敓?HTTPS閿熸枻鎷烽敓鏂ゆ嫹閿熸枻鎷蜂负閿熸枻鎷锋敮閿熸枻鎷稢ONNECT閿熸枻鎷烽敓鏂ゆ嫹閿熸枻鎷?/b>閿熸枻鎷蜂娇閿熺煫纰夋嫹nginx-
1.2.7閿熻姤鏈敓鏂ゆ嫹閿熸枻鎷烽敓鏂ゆ嫹閿熸枻鎷烽敓鎻殑鍑ゆ嫹閿熸枻鎷烽敓鏂ゆ嫹
1.
閿熸枻鎷?src/http/ngx_http_core_module.c閿熷彨纰夋嫹ngx_methods_names閿熸枻鎷烽敓鏂ゆ嫹閿熸枻鎷锋病閿熸枻鎷?
CONNECT閿熸枻鎷烽敓鏂ゆ嫹閿熸枻鎷?/div>
2.
閿熸枻鎷烽敓鏂ゆ嫹CONNECT閿熸枻鎷穜fc閿熸枻鎷烽敓閰碉綇鎷?span style="line-height: 1.7;">This
specification reserves the method name CONNECT for use with
a proxy that can dynamically switch to being a tunnel (e.g.
SSL tunneling [44]).
4.
HTTP CONNECT
method閿熶茎璁规嫹閿熸枻鎷烽敓缁炵》鎷烽敓鍙唻鎷?nbsp; http://forum.nginx.org/read.php?21,233607,233611#msg-
233611
static ngx_http_method_name_t ngx_methods_names[]
= {
{ (u_char *) "GET", (uint32_t)
~NGX_HTTP_GET },
{ (u_char *) "HEAD", (uint32_t)
~NGX_HTTP_HEAD },
{ (u_char *) "POST", (uint32_t)
~NGX_HTTP_POST },
{ (u_char *) "PUT", (uint32_t)
~NGX_HTTP_PUT },
{ (u_char *) "DELETE", (uint32_t)
~NGX_HTTP_DELETE },
{ (u_char *) "MKCOL", (uint32_t)
~NGX_HTTP_MKCOL },
{ (u_char *) "COPY", (uint32_t)
~NGX_HTTP_COPY },
{ (u_char *) "MOVE", (uint32_t)
~NGX_HTTP_MOVE },
{ (u_char *) "OPTIONS", (uint32_t)
~NGX_HTTP_OPTIONS },
{ (u_char *) "PROPFIND" , (uint32_t)
~NGX_HTTP_PROPFIND },
{ (u_char *) "PROPPATCH", (uint32_t)
~NGX_HTTP_PROPPATCH },
{ (u_char *) "LOCK", (uint32_t)
~NGX_HTTP_LOCK },
{ (u_char *) "UNLOCK", (uint32_t)
~NGX_HTTP_UNLOCK },
{ (u_char *) "PATCH", (uint32_t)
~NGX_HTTP_PATCH },
{ NULL, 0 }
};
|
--
Weibin Yao
Thanks.
|
yankai0219
主要还是我的提问方式有问题。 以后在提问问题的时候,会将 应用场景、解决方法、出现问题这几个重要因素列出。
|