【个人记录】NGINX反向代理支持同端口HTTP与HTTPS协议访问

监听4000端口,反向代理127.0.0.1:9090的Web网页

NGINX配置如下

lua 复制代码
server {
    listen 4000 ssl http2 ; 
    server_name www.http.com,www.https.com; 
    proxy_set_header Host $host; 
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 
    proxy_set_header X-Forwarded-Host $server_name; 
    proxy_set_header X-Real-IP $remote_addr; 
    proxy_http_version 1.1; 
    proxy_set_header Upgrade $http_upgrade; 
    proxy_set_header Connection "upgrade"; 
	location ^~ / {
	    proxy_pass http://127.0.0.1:9090; 
	    proxy_set_header Host $host; 
	    proxy_set_header X-Real-IP $remote_addr; 
	    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 
	    proxy_set_header REMOTE-HOST $remote_addr; 
	    proxy_set_header Upgrade $http_upgrade; 
	    proxy_set_header Connection "upgrade"; 
	    proxy_set_header X-Forwarded-Proto $scheme; 
	    proxy_http_version 1.1; 
	    add_header Cache-Control no-cache; 
	}
    location @https_to_http {
        proxy_pass http://127.0.0.1:9090$request_uri;
        proxy_set_header Host $host; 
        proxy_set_header X-Real-IP $remote_addr; 
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 
        proxy_set_header REMOTE-HOST $remote_addr; 
        proxy_set_header Upgrade $http_upgrade; 
        proxy_set_header Connection "upgrade"; 
        proxy_set_header X-Forwarded-Proto $scheme; 
        proxy_http_version 1.1; 
        add_header Cache-Control no-cache; 
    }
    ssl_certificate /www/sites/www.https.com/ssl/fullchain.pem; 
    ssl_certificate_key /www/sites/www.https.com/ssl/privkey.pem; 
    ssl_protocols TLSv1.3 TLSv1.2 TLSv1.1 TLSv1; 
    ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5; 
    ssl_prefer_server_ciphers on; 
    ssl_session_cache shared:SSL:10m; 
    ssl_session_timeout 10m; 
    add_header Strict-Transport-Security "max-age=31536000"; 
    error_page 497 =  @https_to_http;
    proxy_set_header X-Forwarded-Proto https; 
    ssl_stapling on; 
    ssl_stapling_verify on; 
}

监听4000为https端口,当用http访问时会触发497错误,定向497错误至@https_to_http进行反向代理提供服务。

相关推荐
虚拟指尖9 分钟前
Ubuntu编译安装COLMAP【实测编译成功】
linux·运维·ubuntu
椎4951 小时前
苍穹外卖前端nginx错误之一解决
运维·前端·nginx
刘某的Cloud1 小时前
parted磁盘管理
linux·运维·系统·parted
啊?啊?1 小时前
4 解锁 Linux 操作新姿势:man、grep、tar ,创建用户及添加权限等 10 大实用命令详解
linux·服务器·实用指令
程序员老舅1 小时前
干货|腾讯 Linux C/C++ 后端开发岗面试
linux·c语言·c++·编程·大厂面试题
极验1 小时前
iPhone17实体卡槽消失?eSIM 普及下的安全挑战与应对
大数据·运维·安全
爱倒腾的老唐2 小时前
24、Linux 路由管理
linux·运维·网络
程序员Aries2 小时前
自定义网络协议与序列化/反序列化
linux·网络·c++·网络协议·程序人生
yannan201903132 小时前
Docker容器
运维·docker·容器
_清浅2 小时前
计算机网络【第六章-应用层】
运维·服务器·计算机网络