您如何将NGINX配置为实现MTL的AWS API网关的正向/反向代理？

发布于 2025-02-12 12:54:18 字数 1538 浏览 1 评论 0原文

一直以Nginx（1.18.0）配置为正向代理而苦苦挣扎。我们使用特定的EC2框作为前向代理，这使我们可以将其EIP发送出来以出现白色。因此，NGINX已用于包括MTL在内的多种情况，并且始终效果很好。但是这次合作伙伴正在使用AWS API网关，这似乎不起作用。当我使用curl和openssl与客户端证书和键时，它可以正常工作，但是只要我使用nginx，它仍然会抛出HTTP错误400。

下面是我当前正在使用的配置。

server {

    listen         11013;
    server_name    localhost;

    access_log /var/log/nginx/forward_partner_x_nginx_proxy_access.log;
    error_log  /var/log/nginx/forward_partner_x_nginx_proxy_error.log warn;

    proxy_ssl_certificate /root/partner_x_ssl/uat_chain.crt;
    proxy_ssl_certificate_key /root/partner_x_ssl/uat.key;
    resolver 8.8.8.8;
    set  $partner_x_upstream https://api.partner_x.app;


    location /test {
                        access_log off;
                        return 200;
                }


    location / {
                        proxy_set_header Host $proxy_host;
                        proxy_pass $partner_x_upstream;
                        #proxy_pass_request_headers      on;

                        proxy_set_header X-Real-IP $remote_addr;
                        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                        proxy_ssl_protocols TLSv1.2;
                        proxy_ssl_server_name on;
                        proxy_buffering off;
                        proxy_ssl_name xx.xx.xx.xx;
                        #add_header Content-Type application/json;
                }

}

我尝试了此配置的几次迭代，但仍然没有用。由于客户端证书，我无法在捕获的TCPDUMP上看到任何重要的东西。

有人能够有类似的配置工作吗？如果您能在这里分享一些我在做错的事情的灯光，请感谢。提前致谢。

此致，

原文

Been struggling with an Nginx(1.18.0) configuration for a forward proxy. We use specific EC2 boxes as forward proxies and that allows us to send their EIP for whitelisting purpose. So Nginx has been used for several cases including mtls and that had always worked fine. But this time the partner is using AWS API Gateway and this seems not to work. When I used curl and openssl with the client cert and key it works fine but as long as I am using nginx it still throws an http error 400.

Below is the configuration I am currently using.

server {

    listen         11013;
    server_name    localhost;

    access_log /var/log/nginx/forward_partner_x_nginx_proxy_access.log;
    error_log  /var/log/nginx/forward_partner_x_nginx_proxy_error.log warn;

    proxy_ssl_certificate /root/partner_x_ssl/uat_chain.crt;
    proxy_ssl_certificate_key /root/partner_x_ssl/uat.key;
    resolver 8.8.8.8;
    set  $partner_x_upstream https://api.partner_x.app;


    location /test {
                        access_log off;
                        return 200;
                }


    location / {
                        proxy_set_header Host $proxy_host;
                        proxy_pass $partner_x_upstream;
                        #proxy_pass_request_headers      on;

                        proxy_set_header X-Real-IP $remote_addr;
                        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                        proxy_ssl_protocols TLSv1.2;
                        proxy_ssl_server_name on;
                        proxy_buffering off;
                        proxy_ssl_name xx.xx.xx.xx;
                        #add_header Content-Type application/json;
                }

}

I have tried several iteration of this config and it still didn't work. Because of the client certificate, i am not able to see anything significant over a captured tcpdump.

has anyone able to have a similar config working ? Grateful if you could share some lights on what I am doing wrong here. Thanks in advance.

Best Regards,

分享到QQ

分享到微博