Add nginx https 2 sample
parent
39c5787773
commit
bc6e104434
|
@ -0,0 +1,5 @@
|
|||
# Nginx with App
|
||||
|
||||
Nginx serves as a proxy, and terminates the ssl from client.
|
||||
|
||||
Nginx1 (mutual tls) --> Nginx2 (ssl terminate) --> app
|
|
@ -0,0 +1,27 @@
|
|||
version: '3'
|
||||
services:
|
||||
nginx1:
|
||||
image: nginx:1.20
|
||||
container_name: nginx1
|
||||
volumes:
|
||||
- ./nginx1.conf:/etc/nginx/nginx.conf
|
||||
- ./ssl:/etc/nginx/ssl
|
||||
ports:
|
||||
- 80:80
|
||||
- 443:443
|
||||
|
||||
nginx2:
|
||||
image: nginx:1.20
|
||||
container_name: nginx2
|
||||
volumes:
|
||||
- ./nginx2.conf:/etc/nginx/nginx.conf
|
||||
- ./ssl:/etc/nginx/ssl
|
||||
ports:
|
||||
- 8080:80
|
||||
- 8443:443
|
||||
app:
|
||||
image: python:3.7
|
||||
container_name: app
|
||||
expose:
|
||||
- "80"
|
||||
command: python3 -m http.server 80
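Review bot: Both nginx1 and nginx2 bind-mount the whole `./ssl` directory read-write, so each container can read and modify the other's private key, which removes the separation between the two TLS hops that the sample sets out to show. Mount only the files each service needs and make them read-only, e.g. `- ./ssl/server1.key:/etc/nginx/ssl/server1.key:ro`, or at minimum `- ./ssl:/etc/nginx/ssl:ro`. nginx2 also publishes `8080:80` and `8443:443` on the host, so clients can reach it without going through nginx1; if nginx1 is meant to be the only entry point, `expose` is enough for nginx2. As a style point, quote the port mappings (`"80:80"`) as the `expose` entry already does.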
|
|
@ -0,0 +1,60 @@
|
|||
user nginx;
|
||||
worker_processes auto;
|
||||
|
||||
error_log /var/log/nginx/error.log notice;
|
||||
pid /var/run/nginx.pid;
|
||||
|
||||
events {
|
||||
worker_connections 1024;
|
||||
}
|
||||
|
||||
http {
|
||||
include /etc/nginx/mime.types;
|
||||
default_type application/octet-stream;
|
||||
|
||||
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
|
||||
'$status $body_bytes_sent "$http_referer" '
|
||||
'"$http_user_agent" "$http_x_forwarded_for"';
|
||||
|
||||
access_log /var/log/nginx/access.log main;
|
||||
|
||||
sendfile on;
|
||||
#tcp_nopush on;
|
||||
|
||||
keepalive_timeout 65;
|
||||
|
||||
#gzip on;
|
||||
|
||||
#include /etc/nginx/conf.d/*.conf;
|
||||
|
||||
upstream nginx2 {
|
||||
server nginx2:443;
|
||||
}
|
||||
|
||||
upstream app {
|
||||
server app:80;
|
||||
}
|
||||
server {
|
||||
listen 80;
|
||||
location / {
|
||||
proxy_pass http://app;
|
||||
}
|
||||
}
|
||||
|
||||
server {
|
||||
listen 443 ssl;
|
||||
|
||||
ssl_trusted_certificate /etc/nginx/ssl/server1.crt;
|
||||
ssl_certificate /etc/nginx/ssl/server1.crt;
|
||||
ssl_certificate_key /etc/nginx/ssl/server1.key;
|
||||
location / {
|
||||
proxy_pass https://nginx2;
|
||||
proxy_ssl_certificate /etc/nginx/ssl/server1.crt;
|
||||
proxy_ssl_certificate_key /etc/nginx/ssl/server1.key;
|
||||
#proxy_set_header Host $host;
|
||||
#proxy_set_header X-Real-IP $remote_addr;
|
||||
#proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
#proxy_set_header X-Forwarded-Proto $scheme;
|
||||
}
|
||||
}
|
||||
}
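Review bot: The `location /` block of the 443 server presents a client certificate to nginx2 but never verifies nginx2's certificate, because nginx leaves `proxy_ssl_verify` off by default; the hop is therefore authenticated in one direction only. Add `proxy_ssl_trusted_certificate /etc/nginx/ssl/server2.crt;` and `proxy_ssl_verify on;`, plus a `proxy_ssl_name` that matches the name in server2.crt (the upstream name `nginx2` probably does not match a certificate issued for `*.net`). The `ssl_trusted_certificate` line in the server block has no effect as written, since neither OCSP stapling nor client verification is enabled there. The `listen 80` server also forwards straight to `app` over plain HTTP, skipping the nginx2 hop that the README describes.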
|
|
@ -0,0 +1,58 @@
|
|||
user nginx;
|
||||
worker_processes auto;
|
||||
|
||||
error_log /var/log/nginx/error.log notice;
|
||||
pid /var/run/nginx.pid;
|
||||
|
||||
events {
|
||||
worker_connections 1024;
|
||||
}
|
||||
|
||||
http {
|
||||
include /etc/nginx/mime.types;
|
||||
default_type application/octet-stream;
|
||||
|
||||
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
|
||||
'$status $body_bytes_sent "$http_referer" '
|
||||
'"$http_user_agent" "$http_x_forwarded_for"';
|
||||
|
||||
access_log /var/log/nginx/access.log main;
|
||||
|
||||
sendfile on;
|
||||
#tcp_nopush on;
|
||||
|
||||
keepalive_timeout 65;
|
||||
|
||||
#gzip on;
|
||||
|
||||
#include /etc/nginx/conf.d/*.conf;
|
||||
|
||||
upstream backend {
|
||||
server app:80;
|
||||
}
|
||||
|
||||
server {
|
||||
listen 80;
|
||||
location / {
|
||||
proxy_pass http://backend;
|
||||
}
|
||||
}
|
||||
|
||||
server {
|
||||
listen 443 ssl;
|
||||
ssl_client_certificate /etc/nginx/ssl/server1.crt;
|
||||
ssl_verify_client on;
|
||||
|
||||
ssl_trusted_certificate /etc/nginx/ssl/server2.crt;
|
||||
ssl_certificate /etc/nginx/ssl/server2.crt;
|
||||
ssl_certificate_key /etc/nginx/ssl/server2.key;
|
||||
|
||||
location / {
|
||||
proxy_pass http://backend;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
}
|
||||
}
|
||||
}
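Review bot: The `listen 80` server proxies to `backend` with no client-certificate check, and the compose file publishes that port on the host as 8080, so the `ssl_verify_client on` requirement on 443 can be sidestepped through the plain-HTTP listener. Drop that server block or make it refuse requests, e.g. `location / { return 403; }`. In the 443 server, `ssl_client_certificate` points at server1.crt itself, so a single self-signed certificate is the whole trust anchor; a comment such as `# sample only: trusts exactly one self-signed client cert, replace with a CA bundle` would help readers who copy this into a real deployment.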
|
|
@ -0,0 +1,9 @@
|
|||
openssl req \
|
||||
-x509 \
|
||||
-nodes \
|
||||
-days 3650 \
|
||||
-newkey rsa:2048 \
|
||||
-keyout /root/server2.key \
|
||||
-out /root/server2.crt
|
||||
|
||||
# Enter "*.net" (without quotes) as "Common Name"
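Review bot: The certificate is generated with a Common Name only and no subjectAltName, and the CN is typed interactively, so the result is not reproducible and will fail hostname verification in clients that ignore the CN. Pass the identity on the command line, e.g. `-subj "/CN=nginx2"` and `-addext "subjectAltName=DNS:nginx2"` (requires OpenSSL 1.1.1 or later), rather than a wildcard over a whole TLD such as `*.net`. `-nodes` leaves the key unencrypted under /root; a comment saying this is acceptable for the sample only, and a `chmod 600` on the key file, would be worth adding. The script covers server2 only, so the server1 pair has no matching command on this page.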
|
|
@ -0,0 +1,21 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIIDfTCCAmWgAwIBAgIURFu7iX8+iLUXefTUMhV5HkviJJ8wDQYJKoZIhvcNAQEL
|
||||
BQAwTjELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNBMQowCAYDVQQHDAFPMQowCAYD
|
||||
VQQKDAFPMQowCAYDVQQLDAFPMQ4wDAYDVQQDDAUqLmNvbTAeFw0yMjAyMDIyMzU0
|
||||
MjFaFw0zMjAxMzEyMzU0MjFaME4xCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDQTEK
|
||||
MAgGA1UEBwwBTzEKMAgGA1UECgwBTzEKMAgGA1UECwwBTzEOMAwGA1UEAwwFKi5j
|
||||
b20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDRVhWlCMpKJAaWVI+U
|
||||
aOF82vttfGECi28ZdUqgeaQnniOxGC2fQ66pJSmltTiYVTH3IRRbax/pGgUdqt1E
|
||||
gGB2jLqqbcqMxlzg4mSThO/cT2/3cFjoeOyg6yC2RjB8FjTjFrkWqiEenubqnqSX
|
||||
DC7XB6icYuimRPhMCLhC6GX/nPwfTMc98vzi9icOVZet84s5pReRQcSEd5ndg5+L
|
||||
OnCgivwFSXsjVZudpojXmdZ2Izb9fVQAhKZTgHe62rF1RZ2wkAmnOo1Haybe89vN
|
||||
Cm8lbIcoQKgPFlsqt3fa1kL80opHwrj6wDVMZ1dXGLULZ1EdGowymgso29o+Ojuh
|
||||
3n2NAgMBAAGjUzBRMB0GA1UdDgQWBBQkfe744BxH3XaZlWvXq54YFmp9MDAfBgNV
|
||||
HSMEGDAWgBQkfe744BxH3XaZlWvXq54YFmp9MDAPBgNVHRMBAf8EBTADAQH/MA0G
|
||||
CSqGSIb3DQEBCwUAA4IBAQCuH6jvESJQAzBGnKTHNlLmaX5OWJ2tFx78mRkLgbPC
|
||||
kL1uTwH7aQfga+TjnEPT5rSftnATaR0k8vxLSIT3KEpHrFZ4hHr1UwqikJGkmAYa
|
||||
TlFXLvX8eX8bo6NxECHz7OBOGzvUxBY9tm7NdojHk7XfOY5gJSbnpFQxNcdpk7jd
|
||||
y56nqAI/zhaDoCcrdxpvEBT657+NAaBfCJeH8ivudAQffaAJ9/c68HWHCr+tyQQw
|
||||
Vr6s6QMMKAZWJhUNKFVhNZczT+WcpqbQEuab1LJsut4pm72CUayq92vm7+jwiyCP
|
||||
TaKrNkcWug74xzzxvZtvtAO8rKRjyI/VZRB8sT6W2ey6
|
||||
-----END CERTIFICATE-----
|
|
@ -0,0 +1,28 @@
|
|||
-----BEGIN PRIVATE KEY-----
|
||||
MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDRVhWlCMpKJAaW
|
||||
VI+UaOF82vttfGECi28ZdUqgeaQnniOxGC2fQ66pJSmltTiYVTH3IRRbax/pGgUd
|
||||
qt1EgGB2jLqqbcqMxlzg4mSThO/cT2/3cFjoeOyg6yC2RjB8FjTjFrkWqiEenubq
|
||||
nqSXDC7XB6icYuimRPhMCLhC6GX/nPwfTMc98vzi9icOVZet84s5pReRQcSEd5nd
|
||||
g5+LOnCgivwFSXsjVZudpojXmdZ2Izb9fVQAhKZTgHe62rF1RZ2wkAmnOo1Haybe
|
||||
89vNCm8lbIcoQKgPFlsqt3fa1kL80opHwrj6wDVMZ1dXGLULZ1EdGowymgso29o+
|
||||
Ojuh3n2NAgMBAAECggEBAKXxh9b70OBVDqO9BNSxD47aSNXR81UBE2ErCa2MwARn
|
||||
6ANLF19ZV+vd+dXSgrq/ToyJPIn7saAncEbEXAMhgVZ42MChqB9QX/Alh3UpvLr4
|
||||
fdm4xcIDmhE2UwgrO+Qh9mrOaIr+8qJDdOooOHFExxzOhWrzPVoQ8oPTpb3kXHbz
|
||||
nB9OiTertbw4YHABx9+7Xg+L3d/4+69khYaG369HonnJMc/4YIsgHhomv7x1fWzg
|
||||
LSSIiUyHMnhPss8hWAL0YBIkfB+XwwEJ1tt45QZCr2GVICZ+AzU1j6DnxM4/V8lF
|
||||
QWZq2FiwbWvXLo89m4ZrqfhgzxoTK9cuULw37fPv2gECgYEA6aLidpJ6UwvNZRkL
|
||||
soOV0UfWKAJoAt5L6Uz6J32rg1jIKSKg5qzk7dp2u24iVriCA8chOnVia90bpbQ5
|
||||
gTX3zNlpBedly7rZvZQJnbr82xFBkJfRU5AZ90W+RLWPijAZjp5MYKBEuVbs84Q9
|
||||
eFpZT/nz563isJo6In5vSay8KHkCgYEA5V++PWbawXQ4x2+PyglQunFTZy6M/Fha
|
||||
QtdGqL87bK6Xo9my/As2NhvH/2HLGgXcXGxq2ppE2E59NOZIsUpcEj9Hvhyb5e5E
|
||||
0Rn0kX1Rq417xIVn8zBqgjd8DKQc07ih6JqANNtste0ZIGHQ2xC7xTKNBYTxCXTh
|
||||
EVc0n0XM4LUCgYBssu7AEdg9qQEPpz5s+JGMg+qcRLpVk00oJzs/glV4z6aYlNbd
|
||||
W9VK4FhbTZtGU6OR1GSeSRzYaE/DoX0bo5s9wGz/ZTBUQAOsEyMCMowP9BBYEHpA
|
||||
cYvTIqyqVPqKZWSOmRGZ5xbyUAIALidXRlnFPtp+kMUmOysO/1oRof8MqQKBgQCe
|
||||
miltQ6WXhsmL/bQrO226vYmyGxoZku42sayGGlT4vXDVNz7v0MDXgTY1fGV3xP2u
|
||||
Wrk4FtvrxboFzgYNsSEg7OiqqBWUU8D55TybLVA/k0E1jhlmqt+60qrQAtp7+3rY
|
||||
35wu8FqnIR7yqTBFibiMjnu8iUQyCcNmvioAx7720QKBgQC9pafeUYCRYlz0mYFN
|
||||
p4S4GPKO7E2s/UVt/c9PLWMFoSqc07VosuY4JgmYLFsB1lnOL3WvxP3A+8If1NEz
|
||||
xJ7bpLcTIxwvabJBDgkcCVHJo3J46ze/gIMppu7J9SuGYc0Yr4gcZcF9jiPxdFxE
|
||||
3WTHcQzWfnv1cSEfzWLHk2zAbg==
|
||||
-----END PRIVATE KEY-----
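Review bot: This file is an unencrypted RSA private key committed to the repository, and a second one follows in the last file section; anyone who can read the repository can use them. Because nginx2.conf trusts server1.crt for `ssl_verify_client`, holding the server1 key is enough to pass the mutual-TLS check of any deployment that reuses these files. Generate the keys at setup time with the openssl script, keep `*.key` out of version control (for example through `.gitignore`), and treat both committed keys as compromised. If they have to stay so that the sample runs out of the box, the README should state that they are throwaway test keys.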
|
|
@ -0,0 +1,21 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIIDfTCCAmWgAwIBAgIUB8iDeBEFCI5nB+ZcptyBiK8CSugwDQYJKoZIhvcNAQEL
|
||||
BQAwTjELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNBMQowCAYDVQQHDAFPMQowCAYD
|
||||
VQQKDAFPMQowCAYDVQQLDAFPMQ4wDAYDVQQDDAUqLm5ldDAeFw0yMjAyMDMwMDI4
|
||||
MzhaFw0zMjAyMDEwMDI4MzhaME4xCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDQTEK
|
||||
MAgGA1UEBwwBTzEKMAgGA1UECgwBTzEKMAgGA1UECwwBTzEOMAwGA1UEAwwFKi5u
|
||||
ZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDZfsjmr38jGNBlwXcU
|
||||
tLKN3JgK8O8kMO7izg8tnFCag9RdDMmm+Xq+ntpCzzNHVzK+K9m60AML4dnalHU+
|
||||
5FJqe++iR3092JxOOlh7D2QYsq59mttlXLPxvwB+Hn7/Bp7l4Y4WlSuQ9ViigLi2
|
||||
GwFmu/4rQuHEpm3PeaLRrZObnmDmwWdYE4Y1XMwWy7PfQp+6Hl/Eq9ZuhU+c0gzo
|
||||
hlenmBSAfZK0ctYbAP/zGUqbBup+wuhZOyx2gEGnCDgKg9POjSqXIb+dqcOjvaJo
|
||||
5CWjuSodiX1bjeUYR4uC+wxY/k38EzcVlbGB8f/UFNwmYg2tY/bB54toj5mNc/f6
|
||||
KiNDAgMBAAGjUzBRMB0GA1UdDgQWBBQO64TaLjr1mC9yuIQVnIp3+xvPHTAfBgNV
|
||||
HSMEGDAWgBQO64TaLjr1mC9yuIQVnIp3+xvPHTAPBgNVHRMBAf8EBTADAQH/MA0G
|
||||
CSqGSIb3DQEBCwUAA4IBAQB6ybZzfFMWG2CNZBvvlSi2RoIOoQ7Ra9QD8aC6py5j
|
||||
zJi3RVV/NxJz7ODdE3Y8uOo8Gi7owQCFBrKXESKTsoT+uoD1mV7sWqXTkjgVNbMJ
|
||||
lbOpTdZisWG4/6BLVKIYf1TnEv5uWzr9k/2VP86LLZra/T0fntE6qFfBISXBicTt
|
||||
uePPO3v2EW4u19hqdXgZz5UxpCJoAGV2H+HGknvhqzoiEy6IWGfda7QU0vyvrjiU
|
||||
SPlz9mlSbWIBlP34aay37OET9yD0jqakg7r7Uvc2daBa4vkaZyNn4IIuw13rr2fV
|
||||
6oUX5Y2bioaF+2BwVzz5A0O9qShuzTbFiqgRLcQyPadr
|
||||
-----END CERTIFICATE-----
|
|
@ -0,0 +1,28 @@
|
|||
-----BEGIN PRIVATE KEY-----
|
||||
MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDZfsjmr38jGNBl
|
||||
wXcUtLKN3JgK8O8kMO7izg8tnFCag9RdDMmm+Xq+ntpCzzNHVzK+K9m60AML4dna
|
||||
lHU+5FJqe++iR3092JxOOlh7D2QYsq59mttlXLPxvwB+Hn7/Bp7l4Y4WlSuQ9Vii
|
||||
gLi2GwFmu/4rQuHEpm3PeaLRrZObnmDmwWdYE4Y1XMwWy7PfQp+6Hl/Eq9ZuhU+c
|
||||
0gzohlenmBSAfZK0ctYbAP/zGUqbBup+wuhZOyx2gEGnCDgKg9POjSqXIb+dqcOj
|
||||
vaJo5CWjuSodiX1bjeUYR4uC+wxY/k38EzcVlbGB8f/UFNwmYg2tY/bB54toj5mN
|
||||
c/f6KiNDAgMBAAECggEAEq1sm0Le7CipXNOsYj7SRpR3Chl+r+Dz4s5HR2dxFJPV
|
||||
nNgISSqLe+swWyRoBuxaEzK40+4hFNgkWTz+hJQe774M6iaxfqonYiBokMjVk7lk
|
||||
eqzdwmqfmVcJt8rupP/wjVU9Wnsc7qnjHrFnK1xOVoA2Z4iq0rRoIbUUYmVBk89x
|
||||
cFH2bFQWLghry8pOa4lzwLPnD8BFduTNKk8GZWlQIIh+Pbtp24KhM6pau0qHZnyT
|
||||
qPb8ZNzt71hWKYHIsqqB6BQm0EizhKg8Aax21cdUP61YAq15IxcaXppmVaNrpCJK
|
||||
yDxLLsRY1JygTCZ8jiaA2KDs31k0hAbYNDi3x3q3AQKBgQD65MAcexwfsSQ5RrIK
|
||||
8HKFAhmc2qPiXWTyLlDzXrVlaHEv8adVuuq/0mYlRl6EONyUw8Wxk6BtQw4NoCp8
|
||||
FWpFE1b5ORqE9uKxNNWXoKPvyg8g4ALvdgqDvxHBT69XE3c43aTiz+snUhgog1MM
|
||||
7PNuqiI5ix0DGIZS1rG9ZYSl4wKBgQDd7ARCwNUUizLZlLCTYRTprUykLkqsPFOr
|
||||
5Dcycf6Li1wTw1gq1DXQfkywke0NS/gFDr8bqylyxUO88wlNIYf5PB5oekCNMZ1g
|
||||
OEz/8gASmQAchpnZYQtpGDhLYZzMZjC074fUCrySJiQ3WS6U+OI0ES+odaaDWBIu
|
||||
YBwcXlALIQKBgQD0TxXHZhYPwkX8xBuRTWymmlHojHszbTBkJ7fKFLpcoiQ9xHnm
|
||||
oFoBKlcvCuP0qw4Yir6SWafJXZdsqz9TjuLpmpiBnRp2yZYbatBmkxWv5TlwENKq
|
||||
7W31tnQKopaiGyFoLWRnPIHGy0kdAiw4FPBDHcav9AfvQM1kEw4G2LkfcwKBgQCK
|
||||
12CLCu3E3pm/uuEGM9TLpdqvVS7utwd6IVvPObaRQ20mCC8fDIlmmb4NMh7nFMJl
|
||||
F6bE/r79ySDqE/ubwAC8E7rKjsHYFFRroI28C4G0IPkK38NdVvO2mqqNrtJUpxKO
|
||||
ANYv+U+k+CvsXOVh2pxbCu2QLZsxzWYCkarErNTTQQKBgFbdLb1GRQvZRblxAUuv
|
||||
p75DiebRyCBsY6yXYc03VmsKw7N0+gehqh8pYPeN736GIkQH/4Ufbf8Fswe1Cnms
|
||||
fpZfKm/3DovMrMMiA+BWInA+Yhra6c186k/wq0wmhRtUkvbZN70n2FJ3vQ9kbphn
|
||||
+G/n6zv32ON3qsiZHVqTdvyl
|
||||
-----END PRIVATE KEY-----
|