【个人记录】NGINX反向代理支持同端口HTTP与HTTPS协议访问

监听4000端口,反向代理127.0.0.1:9090的Web网页

NGINX配置如下

lua 复制代码
server {
    listen 4000 ssl http2 ; 
    server_name www.http.com,www.https.com; 
    proxy_set_header Host $host; 
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 
    proxy_set_header X-Forwarded-Host $server_name; 
    proxy_set_header X-Real-IP $remote_addr; 
    proxy_http_version 1.1; 
    proxy_set_header Upgrade $http_upgrade; 
    proxy_set_header Connection "upgrade"; 
	location ^~ / {
	    proxy_pass http://127.0.0.1:9090; 
	    proxy_set_header Host $host; 
	    proxy_set_header X-Real-IP $remote_addr; 
	    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 
	    proxy_set_header REMOTE-HOST $remote_addr; 
	    proxy_set_header Upgrade $http_upgrade; 
	    proxy_set_header Connection "upgrade"; 
	    proxy_set_header X-Forwarded-Proto $scheme; 
	    proxy_http_version 1.1; 
	    add_header Cache-Control no-cache; 
	}
    location @https_to_http {
        proxy_pass http://127.0.0.1:9090$request_uri;
        proxy_set_header Host $host; 
        proxy_set_header X-Real-IP $remote_addr; 
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 
        proxy_set_header REMOTE-HOST $remote_addr; 
        proxy_set_header Upgrade $http_upgrade; 
        proxy_set_header Connection "upgrade"; 
        proxy_set_header X-Forwarded-Proto $scheme; 
        proxy_http_version 1.1; 
        add_header Cache-Control no-cache; 
    }
    ssl_certificate /www/sites/www.https.com/ssl/fullchain.pem; 
    ssl_certificate_key /www/sites/www.https.com/ssl/privkey.pem; 
    ssl_protocols TLSv1.3 TLSv1.2 TLSv1.1 TLSv1; 
    ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5; 
    ssl_prefer_server_ciphers on; 
    ssl_session_cache shared:SSL:10m; 
    ssl_session_timeout 10m; 
    add_header Strict-Transport-Security "max-age=31536000"; 
    error_page 497 =  @https_to_http;
    proxy_set_header X-Forwarded-Proto https; 
    ssl_stapling on; 
    ssl_stapling_verify on; 
}

监听4000为https端口,当用http访问时会触发497错误,定向497错误至@https_to_http进行反向代理提供服务。

相关推荐
光路科技20 分钟前
光路科技将携工控四大产品亮相工博会,展示工业自动化新成果
运维·科技·自动化
csdn_aspnet24 分钟前
Linux Node.js 安装及环境配置详细教程
linux·node.js
PAQQ1 小时前
解决 ubuntu 重启串口号变化
linux·运维·ubuntu
dyxal2 小时前
linux系统安装wps
linux·运维·wps
大家的笔记本2 小时前
jetson orin super nano(arm linux系统)上读取大恒图像工业相机(型号MER-050-560U3C)教程
linux·arm开发·相机
007php0072 小时前
Redis高级面试题解析:深入理解Redis的工作原理与优化策略
java·开发语言·redis·nginx·缓存·面试·职场和发展
九章云极AladdinEdu2 小时前
深度学习优化器进化史:从SGD到AdamW的原理与选择
linux·服务器·开发语言·网络·人工智能·深度学习·gpu算力
Xxtaoaooo2 小时前
Nginx 502 网关错误:upstream 超时配置的踩坑与优化
运维·nginx·负载均衡·502错误·upstream超时
青草地溪水旁2 小时前
Linux epoll 事件模型终极指南:深入解析 epoll_event 与事件类型
linux·epoll
..过云雨3 小时前
04.【Linux系统编程】基础开发工具2(makefile、进度条程序实现、版本控制器Git、调试器gdb/cgdb的使用)
linux·笔记·学习