RewriteEngine On RewriteCond %{HTTPS} off RewriteRule (.*) https://%{SERVER_NAME}$1 [R,L] RequestHeader set X-Forwarded-Proto "https" RequestHeader set X-Forwarded-Port "443" </Virtualhost>
# forward https to nginx's instance <VirtualHost *:443> ServerName ngx.seancheng.space
# SSL Certification ## using cf origin wildcard certificate SSLEngine On SSLCertificateFile /root/cf/seancheng.space/origin.crt SSLCertificateKeyFile /root/cf/seancheng.space/private.key
# Headers Header always set Strict-Transport-Security "max-age=63072000;includeSubdomains;" Header always set X-Frame-Options DENY Header set X-Content-Type-Options "nosniff" RequestHeader set X-Forwarded-Proto "https" RequestHeader set X-Forwarded-Port "443"
AllowEncodedSlashes NoDecode <IfModule mod_headers.c> Header set X-XSS-Protection "1; mode=block" </IfModule>
ProxyRequests Off <Proxy *> Order allow,deny Allow from all </Proxy>
ProxyPreserveHost On ProxyPass / http://192.168.28.240:8080/ ProxyPassReverse / http://192.168.28.240:8080/ </VirtualHost>
Cons
container 不能擴容,因為 8080 port 已被佔用,雖然可以不指定 expose’s port,但是就會變得要用另外的方法知道 expose’s port