nginx 反向代理 google 问题，现在访问提示 SSL 连接出错，大神帮忙看看

proxy_cache_path /usr/local/nginx/cache/ levels=1:2 keys_zone=one:10m max_size=10g;
proxy_cache_key "$host$request_uri";
server {
listen 80;
server_name g.juxia.me;
rewrite ^(.*) https://g.juxia.me$1 permanent;
}

upstream google {
server 74.125.224.71:80 max_fails=3;
server 74.125.224.72:80 max_fails=3;
server 74.125.224.73:80 max_fails=3;
server 74.125.224.74:80 max_fails=3;
server 74.125.224.75:80 max_fails=3;
server 74.125.224.76:80 max_fails=3;
server 74.125.224.77:80 max_fails=3;
server 74.125.224.78:80 max_fails=3;
server 74.125.224.79:80 max_fails=3;
server 74.125.224.80:80 max_fails=3;
}
server {
listen 443;
server_name g.juxia.me;
ssl on;
ssl_certificate /usr/local/nginx/ssl.crt;
ssl_certificate_key /usr/local/nginx/ssl.key;
location / {
proxy_cache one;
proxy_cache_valid 200 302 1h;
proxy_cache_valid 404 1m;
proxy_redirect https://www.google.com/ /;
proxy_cookie_domain google.com g.juxia.me;
proxy_pass http://google;
proxy_set_header Host "www.google.com";
proxy_set_header Accept-Encoding "";
proxy_set_header User-Agent $http_user_agent;
proxy_set_header Accept-Language "zh-CN";
proxy_set_header Cookie "PREF=ID=047808f19f6de346:U=0f62f33dd8549d11:FF=2:LD=zh-CN:NW=1:TM=1325338577:LM=1332142444:GM=1:SG=2:S=rE0SyJh2w1IQ-Maw";
sub_filter www.google.com g.juxia.me;
sub_filter_once off;
}
}

sdcg1994

2014-11-25 20:19:42 +08:00

我的代码是这样，你可以参考下
server {
listen 80;
server_name *.com www.*.com ;
rewrite ^(.*) https://www.*.com$1 permanent;
add_header Strict-Transport-Security "max-age=31536000;includeSubDomains";
}

server {
listen 443 ssl spdy;
server_name *.com www.*.com ;
ssl on;
ssl_certificate /cert/sever.crt ;
ssl_certificate_key /cert/sever.key ;
ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
ssl_ciphers FIPS@STRENGTH:!aNULL:!eNULL;
ssl_prefer_server_ciphers on;
ssl_stapling on;
ssl_stapling_verify on;
add_header Strict-Transport-Security "max-age=31536000;includeSubDomains";
location / {
proxy_redirect https://www.google.com/ /;
proxy_pass http://173.194.120.67;
proxy_cookie_domain google.com *.com;
proxy_set_header Accept-Language "zh-CN";
proxy_set_header Accept-Encoding "";
proxy_set_header User-Agent $http_user_agent;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_cache one;
proxy_cache_valid 200 304 3h;
proxy_cache_valid 301 3d;
proxy_cache_valid any 1m;
proxy_cache_use_stale invalid_header error timeout http_502;
sub_filter google.com *.com;
sub_filter_once off;
}
}

rex1901

2014-11-25 22:08:17 +08:00

不加cache试试，我的就没有加，是可以用的。

server {
listen 80;
server_name g.juxia.me;
rewrite ^(.*) https://g.juxia.me$1 permanent;
}

server {
listen 443;
server_name g.juxia.me;

ssl on;
ssl_certificate /usr/local/nginx/ssl.crt;
ssl_certificate_key /usr/local/nginx/ssl.key;

location / {
proxy_redirect http://www.google.com/ /;
proxy_cookie_domain google.com g.juxia.me;
proxy_pass http://74.125.224.207;
proxy_set_header Accept-Encoding "";
proxy_set_header User-Agent $http_user_agent;
proxy_set_header Accept-Language "zh-TW";
proxy_set_header Cookie "PREF=ID=136346c68dca691f:U=1b64135de4bae02b:FF=2:LD=zh-TW:NW=1:TM=1410449167:LM=1410449198:GM=1:SG=1:S=mandOuC2bhozpAdN";
sub_filter www.google.com g.juxia.me;
sub_filter_once off;
}
}

这是一个专为移动设备优化的页面（即为了让你能够在 Google 搜索结果里秒开这个页面），如果你希望参与 V2EX 社区的讨论，你可以继续到 V2EX 上打开本讨论主题的完整版本。

https://www.v2ex.com/t/149129

V2EX 是创意工作者们的社区，是一个分享自己正在做的有趣事物、交流想法，可以遇见新朋友甚至新机会的地方。

V2EX is a community of developers, designers and creative people.