Nginx Proxy HTTPS Encrypted iServer

The process of iServer using Nginx proxy HTTPS encryption is as follows:

Configure to turn on HTTPS as described in Configuring with APR , then configure the Nginx proxy to open a new window, as shown in the following example:

nginx.conf

server {

  listen       8000 ssl;

  server_name www.myiserver.com;

  ssl_certificate     the location of the certificate file for the private key;

  ssl_certificate_key     private key file location;

  ssl_session_cache   shared:SSL:1m;

  ssl_session_timeout 5m;

  ssl_ciphers HIGH:!aNULL:!MD5;

  ssl_prefer_server_ciphers on;

  location / {

    proxy_pass   http://172.16.120.86:8090;

    proxy_set_body $request_body;

    proxy_set_header Accept-Encoding "";

    proxy_set_header Host $host:8000;

    sub_filter_once off;

    sub_filter_types *;

    sub_filter 'http://$server_name:8000/iserver' 'https://$server_name:8000/iserver';

  }

}

• listen: The listening port of SSL protocol

• server_name: It is used to set the server name after the proxy. Generally, the domain name of the proxy server is used.

• SSL_certificate: Certificate file location for private key

• SSL_certificate_key: Private key file location

• SSL_session_cache: Storing session Type and size of the parameter cache

• The SSL_session_timeout: Specifies when the client can reuse the session parameter

• proxy_pass: Used to set the GIS to be forwarded Service address, which can be in the form of IP address or domain name

• proxy_set_header: Set the request header of the forwarding request. Only the service address needs to be set. If the service address in the request header is not set, when the service after the reverse proxy is accessed, the page link in the service still points to the original GIS server instead of the current address.

• sub_filter_once: Replace only once

• sub_filter_types: Types to be replaced

• sub_filter: Replace the specified content of the data returned to the client. The first parameter is the original content, and the second parameter is the content expected to be replaced. Because The static resource link of iServer is still HTTP, but the access is HTTPS, which has cross-domain problems, so sub _ filter is used to replace HTTP with https.