nginx配置http和https可同时访问方法

给nginx配置SSL证书之后,https可以正常访问,http访问显示400错误,nginx的配置如下:

# Original (failing) configuration, kept unchanged to show where the 400 error comes from.
server {
listen 80 default backlog=2048;
listen 443;
server_name lvtao.net;
root /var/www/html;
# "ssl on;" turns TLS on for every listen socket of this server block, port 80 included,
# so a plain HTTP request arriving on port 80 is rejected with "400 Bad Request".
ssl on;
ssl_certificate /usr/local/Tengine/sslcrt/lvtao.net.crt;
ssl_certificate_key /usr/local/Tengine/sslcrt/lvtao.net.key;
}

http访问的时候,报错如下:

400 Bad Request
The plain HTTP requset was sent to HTTPS port. Sorry for the inconvenience.
Please report this message and include the following information to us.
Thank you very much!
 
原因是http的请求被发送到https的端口上去了:ssl on; 对这个server块里的所有listen端口都生效,80端口也被当成了SSL端口,所以才会出现这样的问题。
把ssl on;这行去掉,ssl写在443端口后面。这样http和https的链接都可以用,完美解决,修改后的配置如下:

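# Fixed configuration: TLS is enabled per socket with "listen 443 ssl", so port 80
# stays plain HTTP and no longer answers with "400 Bad Request".
server {
    # "default" is the legacy spelling of default_server; backlog sets the listen queue length.
    listen 80 default backlog=2048;
    listen 443 ssl;
    server_name lvtao.net;
    root /var/www/html;

    # Port 80 still serves the same content in clear text. If the site carries logins or
    # session cookies, consider answering port 80 with a redirect to https instead.

    ssl_certificate     /usr/local/Tengine/sslcrt/lvtao.net.crt;
    # File name uses the lower-case ".key" spelling from the article's original configuration;
    # paths are case-sensitive on Linux, so "lvtao.net.Key" would name a different file.
    # The private key should be readable only by the account that starts nginx.
    ssl_certificate_key /usr/local/Tengine/sslcrt/lvtao.net.key;
}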

 
 
nginx proxy_pass同时支持http/https的小技巧(https://www.cnblogs.com/wshenjin/p/13183929.html)

nginx在配置http/https代理,最开始比较麻烦的写法:

# Backend pool reached over plain HTTP.
upstream example {
    server 1.1.1.1:80;
    # "backup": used only while the primary server is unavailable.
    server 2.2.2.2:80 backup;
}

# The same two backends, reached over HTTPS.
upstream example_https {
    server 1.1.1.1:443;
    server 2.2.2.2:443 backup;
}

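# Plain-HTTP front end: proxies every request to the "example" upstream group.
server {
    listen       80;
    server_name  www.example.com;
    index        index.html index.htm index.php;
    root         /data/web/webclose;

    location / {
        proxy_pass      http://example;
        expires         off;
        proxy_redirect  off;
        # Pass the requested host name and the client address on to the backend.
        proxy_set_header   Host             $host;
        proxy_set_header   X-Real-IP        $remote_addr;
        # $proxy_add_x_forwarded_for appends to whatever X-Forwarded-For the client sent,
        # so the backend should trust only the last entry (the one added by this proxy).
        proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;
    }

    # The log file is named after the configured server_name rather than $host: $host is
    # taken from the request's Host header, and if this block is the default server for
    # the port, every unexpected Host value would get its own file under /data/logs.
    # "access" is a log_format name, presumably defined elsewhere in the configuration.
    access_log  /data/logs/$server_name.log  access;
}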

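# HTTPS front end: terminates TLS, then re-encrypts towards the "example_https" upstream group.
server {
    listen       443 ssl;
    server_name  www.example.com;
    root         /data/web/webclose;
    # Presumably holds ssl_certificate / ssl_certificate_key and related TLS settings.
    include      ssl_example.conf;

    location / {
        # nginx does not verify the upstream certificate by default. If the link to the
        # backends crosses an untrusted network, enable "proxy_ssl_verify on;" together with
        # "proxy_ssl_trusted_certificate <path-to-CA-bundle>;" (placeholder path).
        proxy_pass      https://example_https;
        expires         off;
        proxy_redirect  off;
        # Pass the requested host name and the client address on to the backend.
        proxy_set_header   Host             $host;
        proxy_set_header   X-Real-IP        $remote_addr;
        # $proxy_add_x_forwarded_for appends to whatever X-Forwarded-For the client sent,
        # so the backend should trust only the last entry (the one added by this proxy).
        proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;
    }

    # The log file is named after the configured server_name rather than $host: $host is
    # taken from the request's Host header, and if this block is the default server for
    # the port, every unexpected Host value would get its own file under /data/logs.
    # "access" is a log_format name, presumably defined elsewhere in the configuration.
    access_log  /data/logs/$server_name.log  access;
}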

这种写法比较麻烦,要写两份。
因此投机取巧换个写法:

# The group names end in "_http" / "_https" so that "example_$scheme" in proxy_pass
# resolves to one of them.
upstream example_http {
    server 1.1.1.1:80;
    # "backup": used only while the primary server is unavailable.
    server 2.2.2.2:80 backup;
}

upstream example_https {
    server 1.1.1.1:443;
    server 2.2.2.2:443 backup;
}

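# Single server block for both ports; the upstream group is chosen from the request scheme.
server {
    listen       80;
    listen       443 ssl;
    server_name  www.example.com;
    index        index.html index.htm index.php;
    root         /data/web/webclose;
    # Presumably holds ssl_certificate / ssl_certificate_key and related TLS settings.
    include      ssl_example.conf;

    location / {
        # $scheme is "http" or "https" depending on the socket the request arrived on; it is
        # not taken from client-supplied data, so the target is always one of the two
        # upstream groups example_http / example_https.
        # Requests that arrive on port 80 stay unencrypted all the way to the backend, and
        # on the https leg nginx does not verify the upstream certificate unless
        # "proxy_ssl_verify on;" is configured.
        proxy_pass      $scheme://example_$scheme;
        expires         off;
        proxy_redirect  off;
        # Pass the requested host name and the client address on to the backend.
        proxy_set_header   Host             $host;
        proxy_set_header   X-Real-IP        $remote_addr;
        # $proxy_add_x_forwarded_for appends to whatever X-Forwarded-For the client sent,
        # so the backend should trust only the last entry (the one added by this proxy).
        proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;
    }

    # The log file is named after the configured server_name rather than $host: $host is
    # taken from the request's Host header, and if this block is the default server for
    # a port, every unexpected Host value would get its own file under /data/logs.
    # "access" is a log_format name, presumably defined elsewhere in the configuration.
    access_log  /data/logs/$server_name.log  access;
}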

可以充分利用nginx的变量简化配置的编写。

 

 

 

 

http://www.voidcn.com/article/p-gklwjbjb-st.html

一、代理nginx开启80,443端口

############################################################################

# cat /etc/nginx/conf.d/nginx_http.conf

        # 设置通过http域名访问的时候直接跳转https

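# HTTP requests for www.meteor-yu.com are redirected permanently to HTTPS.
server {
    listen 80;
    server_name www.meteor-yu.com;

    # "return 301" with $request_uri sends the original path and query string back unchanged
    # and matches the other redirect blocks in this file; no regex rewrite is needed.
    # $server_name is the name configured above, not the client's Host header, so the
    # redirect target does not depend on request data.
    return 301 https://$server_name$request_uri;
}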

        # 设置不允许IP访问

# Catch-all for port 80: requests whose Host matches no other server block
# (for example, access by bare IP address) are answered with 403.
server {
    server_name _;
    listen 80 default_server;
    return 403;
}

        # 设置通过http访问顶级域名meteor-yu.com自动跳转https访问www.meteor-yu.com这个域名

# Bare domain over HTTP: permanent redirect to the www host on HTTPS,
# keeping the original path and query string ($request_uri).
server {
    server_name meteor-yu.com;
    listen 80;
    return 301 https://www.meteor-yu.com$request_uri;
}


############################################################################

二、创建自签名证书

# cat /etc/nginx/conf.d/nginx_https.conf

        # 创建自签名证书,并添加到配置中

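# HTTPS virtual host for www.meteor-yu.com: terminates TLS and proxies to the backend.
server {
    # "listen ... ssl" replaces the "ssl on;" directive, which is deprecated since
    # nginx 1.15.0 and was removed in 1.25.1.
    listen 443 ssl;
    server_name www.meteor-yu.com;

    # Relative paths are resolved against nginx's configuration prefix. The other HTTPS
    # blocks in this file use /etc/nginx_ssl/ - NOTE(review): confirm which files are intended.
    # With a self-signed certificate, browsers show a warning until the certificate is trusted.
    ssl_certificate     conf.d/server.crt;
    ssl_certificate_key conf.d/server.key;

    access_log /var/log/nginx/staff_assessing_system_access.log main;
    error_log  /var/log/nginx/staff_assessing_system_error.log;

    location / {
        proxy_next_upstream http_502 http_504 error timeout invalid_header;
        # Keep the upstream request running even if the client disconnects.
        proxy_ignore_client_abort on;
        proxy_connect_timeout 60s;
        # 5400s = 90 minutes: slow or idle connections are held open that long;
        # confirm the backend really needs such long timeouts.
        proxy_read_timeout 5400s;
        proxy_send_timeout 5400s;

        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        # Appends to any X-Forwarded-For sent by the client; the backend should trust
        # only the last entry (the one added by this proxy).
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        # Forward to the backend web service on port 84. This hop is plain HTTP, so
        # traffic between the proxy and 10.10.10.10 is not encrypted.
        proxy_pass http://10.10.10.10:84;
    }
}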

        # 不允许https直接IP访问

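# Catch-all for port 443: HTTPS requests whose host name matches no other server block
# (for example, access by bare IP address) are answered with 403.
server {
    # "listen ... ssl" replaces the "ssl on;" directive, which is deprecated since
    # nginx 1.15.0 and was removed in 1.25.1.
    listen 443 ssl default_server;
    server_name _;

    # A certificate is still required here so the TLS handshake can complete before the
    # 403 is sent. On nginx 1.19.4 and later, "ssl_reject_handshake on;" is an alternative
    # that refuses the handshake and does not present this certificate to such clients.
    ssl_certificate     /etc/nginx_ssl/server.crt;
    ssl_certificate_key /etc/nginx_ssl/server.key;

    return 403;
}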

        # 设置通过https访问顶级域名meteor-yu.com自动跳转到www.meteor-yu.com这个域名

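# Bare domain over HTTPS: permanent redirect to the www host,
# keeping the original path and query string ($request_uri).
server {
    # "listen ... ssl" replaces the "ssl on;" directive, which is deprecated since
    # nginx 1.15.0 and was removed in 1.25.1.
    listen 443 ssl;
    server_name meteor-yu.com;

    # The certificate must be valid for meteor-yu.com itself; otherwise the browser
    # reports a certificate error before it ever receives the redirect.
    ssl_certificate     /etc/nginx_ssl/server.crt;
    ssl_certificate_key /etc/nginx_ssl/server.key;

    return 301 https://www.meteor-yu.com$request_uri;
}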


############################################################################

 

posted on   yipianchuyun  阅读(6256)  评论(0编辑  收藏  举报
