- 论坛徽章:
- 0
|
本帖最后由 心若寒江雪 于 2013-06-25 11:41 编辑
如题,我使用varnish + Nginx做了一个透明代理,但是当我访问https网站的时候就报400的错误,请大侠指教:
nginx.conf
- server {
- listen 8080 default_server;
- server_name _;
- access_log /data/nginx/logs/access.log access;
- location ~* \.(gif|png|jpg|jpeg|wmv|avi|mpg|mpeg|mp4|htm|html|js|css|mp3|swf|ico|flv)$ {
- proxy_set_header X-Real-IP $remote_addr;
- proxy_store /data/nginx/cache$uri;
- proxy_store_access user:rw group:rw all:r;
- proxy_pass $scheme://$host;
- add_header request_uri $request_uri;
- }
- location / {
- proxy_pass $scheme://$host;
- include fastcgi.conf;
- }
- }
复制代码 varnish: default.vcl- backend default {
- .host = "127.0.0.1";
- .port = "8080";
- }
- sub vcl_deliver {
- set resp.http.yougou-hits = obj.hits ;
- if (obj.hits > 0) {
- set resp.http.yougou-varnish = "HIT";
- } else {
- set resp.http.yougou-varsish= "MISS";
- }
- }
- sub vcl_recv {
- if (req.restarts == 0) {
- if (req.http.x-forwarded-for) {
- set req.http.X-Forwarded-For =
- req.http.X-Forwarded-For + ", " + client.ip;
- } else {
- set req.http.X-Forwarded-For = client.ip;
- }
- }
- if (req.request != "GET" &&
- req.request != "HEAD" &&
- req.request != "PUT" &&
- req.request != "POST" &&
- req.request != "TRACE" &&
- req.request != "OPTIONS" &&
- req.request != "DELETE") {
- /* Non-RFC2616 or CONNECT which is weird. */
- return (pipe);
- }
- if (req.request != "GET" && req.request != "HEAD") {
- /* We only deal with GET and HEAD by default */
- return (pass);
- }
- if (req.http.Authorization || req.http.Cookie) {
- /* Not cacheable by default */
- return (pass);
- }
- return (pass);
- }
复制代码 当我访问 https://www.google.com.hk的时候- 127.0.0.1 - - [25/Jun/2013:11:38:45 +0800] "CONNECT www.google.com.hk:443 HTTP/1.1" 400 172 "-" "-" -http8080
- 127.0.0.1 - - [25/Jun/2013:11:38:45 +0800] "CONNECT www.google.com.hk:443 HTTP/1.1" 400 172 "-" "-" -http8080
复制代码 找到的一个连接(http://www.reistlin.com/2011/04/page/1/)里面说:
“因为 Nginx 不支持 CONNECT,所以无法正向代理 Https 网站(网上银行,Gmail)”
但是我不怎么理解,请大侠指教
|
|