2016-06-16 108 views
0

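Varnish + nginx + hitch + Let's Encrypt configuration

I am new to nginx. I installed Nginx + varnish + hitch + Let's Encrypt on a Linode Ubuntu 16.04 server for testing. I followed the instructions given in the Varnish blog below and was able to connect over https://.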

https://info.varnish-software.com/blog/five-steps-to-secure-varnish-with-hitch-and-lets-encrypt

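The problem is that I don't know how to configure SSL for Nginx. Both HTTPS and HTTP work fine, but HTTP does not redirect to https by default.

I tried all the nginx settings given in this link, but it does not work: https://vincent.composieux.fr/article/install-configure-and-automatically-renew-let-s-encrypt-ssl-certificate

Let me know how to configure it.

Below is the Nginx file.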

server { 
    listen 80 default_server; 
    listen [::]:80 default_server; 

    # SSL configuration 
    # 
    # listen 443 ssl default_server; 
    # listen [::]:443 ssl default_server; 
    # 
    # Note: You should disable gzip for SSL traffic. 
    # See: https://bugs.debian.org/773332 
    # 
    # Read up on ssl_ciphers to ensure a secure configuration. 
    # See: https://bugs.debian.org/765782 
    # 
    # Self signed certs generated by the ssl-cert package 
    # Don't use them in a production server! 
    # 
    # include snippets/snakeoil.conf; 

    root /var/www/example.com/html/wordpress; 
    # Add index.php to the list if you are using PHP 
    index index.php index.html index.htm index.nginx-debian.html; 

    server_name example.com www.example.com; 

    location / {
        # First attempt to serve request as file, then
        # as directory, then fall back to displaying a 404.
        try_files $uri $uri/ =404;
    }

    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/run/php/php7.0-fpm.sock;
        #fastcgi_index index.php;
        # include fastcgi_params;
    }

    location ~ /\.ht {
        deny all;
    }

    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000 
    # 
    #location ~ \.php$ { 
    #  include snippets/fastcgi-php.conf; 
    # 
    #  # With php7.0-cgi alone: 
    #  fastcgi_pass 127.0.0.1:9000; 
    #  # With php7.0-fpm: 
    #  fastcgi_pass unix:/run/php/php7.0-fpm.sock; 
    #} 

    # deny access to .htaccess files, if Apache's document root 
    # concurs with nginx's one 
    # 
    #location ~ /\.ht { 
    #  deny all; 
    #} 
}


    # Virtual Host configuration for example.com 
    # 
    # You can move that to a different file under sites-available/ and  symlink that 
    # to sites-enabled/ to enable it. 
    # 
    #server { 
    #  listen 80; 
    #  listen [::]:80; 
    # 
    #  server_name example.com; 
    # 
    #  root /var/www/example.com; 
    #  index index.html; 
    # 
    #  location / {
    #    try_files $uri $uri/ =404; 
    #  } 
    #} 
+0

Possible answer: http://serverfault.com/questions/67316/in-nginx-how-can-i-rewrite-all-http-requests-to-https-while-maintaining-sub-dom – Rahul

+0

Port 443 is already used by hitch. Which port should be given in the nginx conf file? – tanveersingh

Answer

0

I suggest you use HAProxy; it is very simple to set up. I currently have:

:443 HAProxy (SSL) -> :8080 Varnish -> :9080 JBoss application

Here is my HAProxy configuration:

global 
debug 
log   127.0.0.1 local0 
chroot  /var/lib/haproxy 
pidfile  /var/run/haproxy.pid 
maxconn  40 
user  haproxy 
group  haproxy 
daemon 
stats socket /var/lib/haproxy/stats 
ssl-default-bind-ciphers kEECDH+aRSA+AES:kRSA+AES:+AES256:RC4-SHA:!kEDH:!LOW:!EXP:!MD5:!aNULL:!eNULL 
ssl-default-bind-options no-sslv3 

defaults 
mode     http 
log      global 
option     httplog 
option     dontlognull 
retries     3 
timeout http-request 1m 
timeout queue   1m 
timeout connect   30s 
timeout client   2m 
timeout server   1m 
timeout http-keep-alive 30s 
timeout check   30s 

listen stats 
bind *:1936 
stats enable 
stats uri /
stats hide-version 
stats realm Haproxy\ Statistics 
stats auth haproxy:PASS 

frontend main 
bind 0.0.0.0:80 
bind 0.0.0.0:443 ssl crt /etc/haproxy/<HOSTNAME>.pem 
http-request set-header Host <HOSTNAME> 
redirect scheme https if !{ ssl_fc } 
acl is_root path -i /
acl is_domain hdr(host) -i <HOSTNAME> 
redirect code 301 location https://<HOSTNAME>/<APP> if is_domain is_root 
default_backend    app 

backend app 
mode http 
balance  roundrobin 
option forwardfor 
acl h_xff_exists req.hdr(X-Forwarded-For) -m found 
http-request replace-header X-Forwarded-For (.*) %[src],\1 if h_xff_exists 
http-request set-header X-Forwarded-Port %[dst_port] 
http-request add-header X-Forwarded-Proto https if { ssl_fc } 
default-server inter 10s fall 2 rise 1 
server var 127.0.0.1:8080 check
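
A small audit of the TLS-related lines in the HAProxy configuration above, as an added example that is not part of the original answer: it flags the RC4 and static-RSA cipher tokens, the missing TLS 1.0/1.1 exclusions and the appended X-Forwarded-Proto header, and confirms that the port-80 bind is covered by the HTTPS redirect. The `audit` function, its short weak-token list and the `site.pem` path are assumptions of this example.

```python
import re

# Lines copied from the HAProxy answer above; the .pem path is a placeholder.
ANSWER_CFG = """\
global
ssl-default-bind-ciphers kEECDH+aRSA+AES:kRSA+AES:+AES256:RC4-SHA:!kEDH:!LOW:!EXP:!MD5:!aNULL:!eNULL
ssl-default-bind-options no-sslv3
frontend main
bind 0.0.0.0:80
bind 0.0.0.0:443 ssl crt /etc/haproxy/site.pem
redirect scheme https if !{ ssl_fc }
backend app
http-request add-header X-Forwarded-Proto https if { ssl_fc }
"""

SECTIONS = {"global", "defaults", "frontend", "listen", "backend"}
# Illustrative, not exhaustive: OpenSSL cipher-string keywords treated as weak here.
WEAK = {"RC4": "RC4", "kRSA": "static RSA key exchange (no forward secrecy)",
        "3DES": "3DES", "MD5": "MD5", "eNULL": "no encryption", "aNULL": "no authentication"}
WEAK_RE = re.compile(r"(?<![A-Za-z0-9])(%s)(?![A-Za-z0-9])" % "|".join(WEAK))

def audit(cfg):
    """Return sorted (where, finding) pairs for a HAProxy configuration string."""
    findings, plain, redirected, section = [], set(), set(), ""
    for w in (line.split() for line in cfg.splitlines()):
        if not w or w[0].startswith("#"):
            continue
        if w[0] in SECTIONS:
            section = " ".join(w[:2])
        elif w[0] == "bind" and "ssl" not in w:
            plain.add(section)          # listener that accepts cleartext HTTP
        elif "redirect" in w and w[w.index("redirect") + 1:][:2] == ["scheme", "https"]:
            redirected.add(section)
        elif w[0] == "ssl-default-bind-ciphers":
            # '!' and '-' remove ciphers and '+' only reorders, so skip those tokens.
            for tok in (t for t in w[1].split(":") if t and t[0] not in "!-+"):
                findings += [(w[0], "%s enables %s" % (tok, WEAK[m])) for m in WEAK_RE.findall(tok)]
        elif w[0] == "ssl-default-bind-options":
            opts = w[1:]
            floor = opts[opts.index("ssl-min-ver") + 1] if "ssl-min-ver" in opts[:-1] else ""
            if floor not in ("TLSv1.2", "TLSv1.3") and not {"no-tlsv10", "no-tlsv11"} <= set(opts):
                findings.append((w[0], "TLS 1.0/1.1 still accepted"))
        elif w[:2] == ["http-request", "add-header"] and w[2].lower() == "x-forwarded-proto":
            findings.append((section, "add-header keeps a client-sent X-Forwarded-Proto; use set-header"))
    findings += [(s, "plain-HTTP bind without 'redirect scheme https'") for s in plain - redirected]
    return sorted(findings)

if __name__ == "__main__":
    print(*audit(ANSWER_CFG), sep="\n")
```

Run against the full configuration, the same check also reports the `listen stats` section, whose `bind *:1936` serves the password-protected statistics page over cleartext HTTP.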