nginx配置http跳转https的几种要求和方式记录
以nginx-1.23.2测试
(80被占用了,测试换成81端口)
要求一:nginx端口有443,81,即能访问http访问81,也能https访问。
nginx配置如下:
server { listen 81 ; listen 443 ssl; server_name xx.com.cn 192.168.3.1 127.0.0.1; ssl_certificate server.pem; #证书和配置文件同一目录 ssl_certificate_key server.key; ssl_session_timeout 5m; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; #ssl_ciphers HIGH:!RC4:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!EXP:+MEDIUM; ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!3DES:!ADH:!RC4:!DH:!DHE; ssl_prefer_server_ciphers on; ....
测试访问
http://xx.com.cn:81/ https://xx.com.cn/
要求二:nginx端口有443,81,访问81强制跳转到https访问。
有两种配置方式
方式一:
server { listen 81; server_name xx.com.cn 192.168.3.1 127.0.0.1; return 301 https://$server_name/$request_uri; } server { listen 443 ssl; server_name xx.com.cn 192.168.3.1 127.0.0.1; ssl_certificate server.pem; #证书和配置文件同一目录 ssl_certificate_key server.key; ssl_session_timeout 5m; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; #ssl_ciphers HIGH:!RC4:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!EXP:+MEDIUM; ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!3DES:!ADH:!RC4:!DH:!DHE; ssl_prefer_server_ciphers on; ....
方式二:
server { listen 81; server_name xx.com.cn 192.168.3.1 127.0.0.1; rewrite ^/(.*) https://$server_name/$1 permanent; } server { listen 443 ssl; server_name xx.com.cn 192.168.3.1 127.0.0.1; ssl_certificate server.pem; #证书和配置文件同一目录 ssl_certificate_key server.key; ssl_session_timeout 5m; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; #ssl_ciphers HIGH:!RC4:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!EXP:+MEDIUM; ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!3DES:!ADH:!RC4:!DH:!DHE; ssl_prefer_server_ciphers on; ....
访问方式:
http://xx.com.cn:81/ -->会强制跳转到下面https https://xx.com.cn/
要求三:nginx端口使用非443,81端口,https使用8443,http使用81端口访问。
server { listen 81 ; listen 8443 ssl; server_name xx.com.cn 192.168.3.1 127.0.0.1; ssl_certificate server.pem; #证书和配置文件同一目录 ssl_certificate_key server.key; ssl_session_timeout 5m; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; #ssl_ciphers HIGH:!RC4:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!EXP:+MEDIUM; ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!3DES:!ADH:!RC4:!DH:!DHE; ssl_prefer_server_ciphers on; ....
访问测试
http://mfa.vgtech.com.cn:81/ https://mfa.vgtech.com.cn:8443/
要求四:nginx端口使用非443,81端口,http使用81端口访问,强制跳转到https的8443。
同样有两种方式
方式一:
server { listen 81; server_name xx.com.cn 192.168.3.1 127.0.0.1; return 301 https://$server_name:8443/$request_uri; } server { listen 8443 ssl; server_name xx.com.cn 192.168.3.1 127.0.0.1; ssl_certificate server.pem; #证书和配置文件同一目录 ssl_certificate_key server.key; ssl_session_timeout 5m; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; #ssl_ciphers HIGH:!RC4:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!EXP:+MEDIUM; ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!3DES:!ADH:!RC4:!DH:!DHE; ssl_prefer_server_ciphers on; ....
方式二:
server { listen 81; server_name xx.com.cn 192.168.3.1 127.0.0.1; rewrite ^/(.*) https://$server_name:8443/$1 permanent; } server { listen 443 ssl; server_name xx.com.cn 192.168.3.1 127.0.0.1; ssl_certificate server.pem; #证书和配置文件同一目录 ssl_certificate_key server.key; ssl_session_timeout 5m; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; #ssl_ciphers HIGH:!RC4:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!EXP:+MEDIUM; ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!3DES:!ADH:!RC4:!DH:!DHE; ssl_prefer_server_ciphers on; ....
要求五:nginx端口仅开通8443一个端口,要求访问http时,强制跳转到8443的https。
server { listen 8443 ssl; server_name xx.com.cn 192.168.3.1 127.0.0.1; ssl_certificate server.pem; #证书和配置文件同一目录 ssl_certificate_key server.key; ssl_session_timeout 5m; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; #ssl_ciphers HIGH:!RC4:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!EXP:+MEDIUM; ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!3DES:!ADH:!RC4:!DH:!DHE; ssl_prefer_server_ciphers on; error_page 497 301 https://$http_host$request_uri; ....
访问测试
mfa.vgtech.com.cn:8443 https://mfa.vgtech.com.cn:8443
好记性不如烂笔头,最难不过坚持
【推荐】编程新体验,更懂你的AI,立即体验豆包MarsCode编程助手
【推荐】凌霞软件回馈社区,博客园 & 1Panel & Halo 联合会员上线
【推荐】抖音旗下AI助手豆包,你的智能百科全书,全免费不限次数
【推荐】博客园社区专享云产品让利特惠,阿里云新客6.5折上折
【推荐】轻量又高性能的 SSH 工具 IShell:AI 加持,快人一步
· DeepSeek “源神”启动!「GitHub 热点速览」
· 微软正式发布.NET 10 Preview 1:开启下一代开发框架新篇章
· C# 集成 DeepSeek 模型实现 AI 私有化(本地部署与 API 调用教程)
· DeepSeek R1 简明指南:架构、训练、本地部署及硬件要求
· 2 本地部署DeepSeek模型构建本地知识库+联网搜索详细步骤
2018-11-07 关于jenkins旧的构建导致磁盘空间不足问题
2018-11-07 jenkins中通过execute shell启动的进程会被杀死的问题