0
点赞
收藏
分享

微信扫一扫

为GrayLog Web接口配置nginx HTTPS/SSL反向代理

small_Sun 2022-03-10 阅读 88

为GrayLog Web接口配置nginx HTTPS/SSL反向代理

本文参考https://docs.graylog.org/docs/web-interface完成 

为GrayLog Web接口配置nginx HTTPS/SSL反向代理_html

(图片可点击放大查看)

准备条件

  • 1、域名

根域名walkingcloud.cn

二级域名graylog.walkingcloud.cn

  • 2、SSL(HTTPS)证书

可以在腾讯云SSL证书控制台申请一个免费证书,并下载nginx版本的证书 

例如证书对应graylog.walkingcloud.cn域名

具体步骤

域名购买,注册等步骤忽略,下面主要介绍证书申请及nginx配置

1、登陆腾讯云SSL证书控制台申请免费证书

我的证书->申请免费证书

为GrayLog Web接口配置nginx HTTPS/SSL反向代理_nginx_02

(图片可点击放大查看)

为GrayLog Web接口配置nginx HTTPS/SSL反向代理_html_03

(图片可点击放大查看)

证书绑定域名:graylog.walkingcloud.cn 

为GrayLog Web接口配置nginx HTTPS/SSL反向代理_html_04

(图片可点击放大查看)

待申请成功后下载nginx版本证书

为GrayLog Web接口配置nginx HTTPS/SSL反向代理_html_05

2、Graylog所在服务器安装nginx并配置nginx

yum install epel-release
yum install nginx

为GrayLog Web接口配置nginx HTTPS/SSL反向代理_ssl证书_06

(图片可点击放大查看)

cd /etc/nginx/
vim nginx.conf

为GrayLog Web接口配置nginx HTTPS/SSL反向代理_ssl证书_07

(图片可点击放大查看)

其中graylog的web端口为8000

为GrayLog Web接口配置nginx HTTPS/SSL反向代理_html_08

(图片可点击放大查看)

修改成如下

server {
listen 80;
listen [::]:80;
server_name graylog.walkingcloud.cn;
rewrite ^(.*)$ https://$host$1;
location / {
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Graylog-Server-URL http://$server_name/;
proxy_pass http://127.0.0.1:8000;
}
# Load configuration files for the default server block.
include /etc/nginx/default.d/*.conf;

error_page 404 /404.html;
location = /404.html {
}

error_page 500 502 503 504 /50x.html;
location = /50x.html {
}
}

HTTPS/SSL的配置

# Settings for a TLS enabled server.
#
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name graylog.walkingcloud.cn;
root /usr/share/nginx/html;
#
ssl_certificate "/etc/nginx/ssl/server.crt";
ssl_certificate_key "/etc/nginx/ssl/server.key";
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 10m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
#
location /
{
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Graylog-Server-URL https://$server_name/;
proxy_pass http://127.0.0.1:8000;
}
# Load configuration files for the default server block.
include /etc/nginx/default.d/*.conf;

error_page 404 /404.html;
location = /40x.html {
}

error_page 500 502 503 504 /50x.html;
location = /50x.html {
}
}

并将证书上传到配置文件中指定的目录,文件名要与配置文件中一致

为GrayLog Web接口配置nginx HTTPS/SSL反向代理_ssl证书_09

(图片可点击放大查看)

3、接下重启nginx服务

systemctl restart nginx.service 
firewall-cmd --add-port=80/tcp --zone=public --permanent
firewall-cmd --add-port=443/tcp --zone=public --permanent
firewall-cmd --reload

为GrayLog Web接口配置nginx HTTPS/SSL反向代理_ssl证书_10

(图片可点击放大查看)

4、配置域名解析验证SSL证书是否OK

先配置域名解析

这里修改客户端访问的本地/etc/hosts文件模拟域名解析,进行测试

Mac下sudo vi /etc/hosts
添加
192.168.31.232 graylog.walkingcloud.cn

为GrayLog Web接口配置nginx HTTPS/SSL反向代理_nginx_11

(图片可点击放大查看)

浏览器访问

http://graylog.walkingcloud.cn

会自动跳转到https站点 https://graylog.walkingcloud.cn

为GrayLog Web接口配置nginx HTTPS/SSL反向代理_ssl证书_12

(图片可点击放大查看)

如图所示可以看到SSL证书正常有效

为GrayLog Web接口配置nginx HTTPS/SSL反向代理_nginx_13

(图片可点击放大查看)

win10机器测试截图

为GrayLog Web接口配置nginx HTTPS/SSL反向代理_nginx_14

(图片可点击放大查看)

举报

相关推荐

0 条评论