nginx配置http和https可同时访问方法
给nginx配置SSL证书之后,https可以正常访问,http访问显示400错误,nginx的配置如下:
server {
listen 80 default backlog=2048;
listen 443;
server_name lvtao.net;
root /var/www/html;
ssl on;
ssl_certificate /usr/local/Tengine/sslcrt/lvtao.net.crt;
ssl_certificate_key /usr/local/Tengine/sslcrt/lvtao.net.key;
}
http访问的时候,报错如下:
The plain HTTP requset was sent to HTTPS port. Sorry for the inconvenience.
Please report this message and include the following information to us.
Thank you very much!
server {
listen 80 default backlog=2048;
listen 443 ssl;
server_name lvtao.net;
root /var/www/html;
ssl_certificate /usr/local/Tengine/sslcrt/lvtao.net.crt;
ssl_certificate_key /usr/local/Tengine/sslcrt/lvtao.net.Key;
}
nginx在配置http/https代理,最开始比较麻烦的写法:
upstream example
{
server 1.1.1.1:80;
server 2.2.2.2:80 backup;
}
upstream example_https
{
server 1.1.1.1:443;
server 2.2.2.2:443 backup;
}
server
{
listen 80;
server_name www.example.com;
index index.html index.htm index.php;
root /data/web/webclose;
location / {
proxy_pass http://example;
expires off;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
access_log /data/logs/$host.log access;
}
server
{
listen 443 ssl;
server_name www.example.com;
root /data/web/webclose;
include ssl_example.conf;
location / {
proxy_pass https://example_https;
expires off;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
access_log /data/logs/$host.log access;
}
这种写法比较麻烦,要写两份。
因此投机取巧换个写法:
upstream example_http
{
server 1.1.1.1:80;
server 2.2.2.2:80 backup;
}
upstream example_https
{
server 1.1.1.1:443;
server 2.2.2.2:443 backup;
}
server
{
listen 80;
listen 443 ssl;
server_name www.example.com;
index index.html index.htm index.php;
root /data/web/webclose;
include ssl_example.conf;
location / {
proxy_pass $scheme://example_$scheme;
expires off;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
access_log /data/logs/$host.log access;
}
可以充分利用nginx的变量简化配置的编写。
http://www.voidcn.com/article/p-gklwjbjb-st.html
一、代理nginx开启80,443端口 ############################################################################ # cat /etc/nginx/conf.d/nginx_http.conf # 设置通过http域名访问的时候直接跳转https server { listen 80; server_name www.meteor-yu.com; rewrite ^/(.*) https://$server_name/$1 permanent; } # 设置不允许IP访问 server { listen 80 default_server; server_name _; return 403; } # 设置通过http访问顶级域名meteor-yu.com自动跳转https访问www.meteor-yu.com这个域名 server { listen 80; server_name meteor-yu.com; return 301 https://www.meteor-yu.com$request_uri; } ############################################################################ 二、创建自签名证书 # cat /etc/nginx/conf.d/nginx_https.conf # 创建自签名证书,并添加到配置中 server { listen 443; server_name www.meteor-yu.com; ssl on; ssl_certificate conf.d/server.crt; ssl_certificate_key conf.d/server.key; access_log /var/log/nginx/staff_assessing_system_access.log main; error_log /var/log/nginx/staff_assessing_system_error.log; location / { proxy_next_upstream http_502 http_504 error timeout invalid_header; proxy_ignore_client_abort on; proxy_connect_timeout 60s; proxy_read_timeout 5400s; proxy_send_timeout 5400s; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_pass http://10.10.10.10:84; # 转发到后台的web端口,这里是后台web是84端口,后台访问仍然是http } } # 不允许https直接IP访问 server { listen 443 default_server; server_name _; ssl on; ssl_certificate /etc/nginx_ssl/server.crt; ssl_certificate_key /etc/nginx_ssl/server.key; return 403; } # 设置通过https访问顶级域名meteor-yu.com自动跳转到www.meteor-yu.com这个域名 server { listen 443; ssl on; ssl_certificate /etc/nginx_ssl/server.crt; ssl_certificate_key /etc/nginx_ssl/server.key; server_name meteor-yu.com; return 301 https://www.meteor-yu.com$request_uri; } ############################################################################
posted on 2021-02-20 14:25 yipianchuyun 阅读(6256) 评论(0) 编辑 收藏 举报
【推荐】编程新体验,更懂你的AI,立即体验豆包MarsCode编程助手
【推荐】凌霞软件回馈社区,博客园 & 1Panel & Halo 联合会员上线
【推荐】抖音旗下AI助手豆包,你的智能百科全书,全免费不限次数
【推荐】博客园社区专享云产品让利特惠,阿里云新客6.5折上折
【推荐】轻量又高性能的 SSH 工具 IShell:AI 加持,快人一步
· 浏览器原生「磁吸」效果!Anchor Positioning 锚点定位神器解析
· 没有源码,如何修改代码逻辑?
· 一个奇形怪状的面试题:Bean中的CHM要不要加volatile?
· [.NET]调用本地 Deepseek 模型
· 一个费力不讨好的项目,让我损失了近一半的绩效!
· 在鹅厂做java开发是什么体验
· 百万级群聊的设计实践
· WPF到Web的无缝过渡:英雄联盟客户端的OpenSilver迁移实战
· 永远不要相信用户的输入:从 SQL 注入攻防看输入验证的重要性
· 浏览器原生「磁吸」效果!Anchor Positioning 锚点定位神器解析