原理:使用nginx的stream、 stream_ssl_preread模块
1.编译nginx
由于stream和stream_ssl_preread模块非默认引入,需要在编译安装nginx时引入;编译时添加配置参数 --with-stream --with-stream_ssl_preread_module
./configure --prefix=/usr/local/nginx --with-http_ssl_module --with-http_stub_status_module --with-stream --with-stream_ssl_preread_module --with-stream_ssl_module
执行make & make install
2.配置nginx.conf
添加stream配置,让其识别到http访问时默认走http,其余走https
stream {
upstream http_gateway {
server 127.0.0.1:8077;
}
upstream https_gateway {
server 127.0.0.1:8076;
}
map $ssl_preread_protocol $upstreama{
default http_gateway;
"TLSv1.0" https_gateway;
"TLSv1.1" https_gateway;
"TLSv1.2" https_gateway;
"TLSv1.3" https_gateway;
}
server {
listen 2345;
ssl_preread on;
proxy_pass $upstreama;
}
}
http {
******
}
3.配置http和https访问资源
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
upstream gateway_service{
server 127.0.0.1:8077 weight=1;
server 127.0.0.1:8076 weight=2;
}
server {
listen 8077;
listen 8076 ssl;
server_name 192.168.19.1;
ssl_certificate /root/Public/ssl/cert.pem;
ssl_certificate_key /root/Public/ssl/key.pem;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
client_max_body_size 100M;
#ssl_certificate xxx.pem;
# ssl_certificate_key xxx.key;
location / {
proxy_pass http://gateway_service;
}
}
}
重启ng,即可同时通过http和https访问了。