【个人记录】NGINX反向代理支持同端口HTTP与HTTPS协议访问

监听4000端口,反向代理127.0.0.1:9090的Web网页

NGINX配置如下

lua 复制代码
server {
    listen 4000 ssl http2 ; 
    server_name www.http.com,www.https.com; 
    proxy_set_header Host $host; 
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 
    proxy_set_header X-Forwarded-Host $server_name; 
    proxy_set_header X-Real-IP $remote_addr; 
    proxy_http_version 1.1; 
    proxy_set_header Upgrade $http_upgrade; 
    proxy_set_header Connection "upgrade"; 
	location ^~ / {
	    proxy_pass http://127.0.0.1:9090; 
	    proxy_set_header Host $host; 
	    proxy_set_header X-Real-IP $remote_addr; 
	    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 
	    proxy_set_header REMOTE-HOST $remote_addr; 
	    proxy_set_header Upgrade $http_upgrade; 
	    proxy_set_header Connection "upgrade"; 
	    proxy_set_header X-Forwarded-Proto $scheme; 
	    proxy_http_version 1.1; 
	    add_header Cache-Control no-cache; 
	}
    location @https_to_http {
        proxy_pass http://127.0.0.1:9090$request_uri;
        proxy_set_header Host $host; 
        proxy_set_header X-Real-IP $remote_addr; 
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 
        proxy_set_header REMOTE-HOST $remote_addr; 
        proxy_set_header Upgrade $http_upgrade; 
        proxy_set_header Connection "upgrade"; 
        proxy_set_header X-Forwarded-Proto $scheme; 
        proxy_http_version 1.1; 
        add_header Cache-Control no-cache; 
    }
    ssl_certificate /www/sites/www.https.com/ssl/fullchain.pem; 
    ssl_certificate_key /www/sites/www.https.com/ssl/privkey.pem; 
    ssl_protocols TLSv1.3 TLSv1.2 TLSv1.1 TLSv1; 
    ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5; 
    ssl_prefer_server_ciphers on; 
    ssl_session_cache shared:SSL:10m; 
    ssl_session_timeout 10m; 
    add_header Strict-Transport-Security "max-age=31536000"; 
    error_page 497 =  @https_to_http;
    proxy_set_header X-Forwarded-Proto https; 
    ssl_stapling on; 
    ssl_stapling_verify on; 
}

监听4000为https端口,当用http访问时会触发497错误,定向497错误至@https_to_http进行反向代理提供服务。

相关推荐
tntxia14 小时前
linux curl命令详解_curl详解
linux
扛枪的书生16 小时前
Linux 网络管理器用法速查
linux
SkyWalking中文站18 小时前
认识 Horizon UI · 1/17:SkyWalking 新一代可观测性控制台
运维·前端·监控
顺风尿一寸19 小时前
Java Socket 内核之旅:从 SocketChannel.read() 到 tcp_recvmsg 与 epoll 的完整调用链路
linux
雪梨酱QAQ21 小时前
Kubeneters HA Cluster部署
运维
江华森1 天前
Spring Cloud 微服务全栈实战:从 Eureka 到 Docker Compose 一文贯通
运维
江华森1 天前
Matplotlib 数据绘图基础入门
运维
XIAOHEZIcode1 天前
Ubuntu 终端美化全栈指南:Bash 到 Kitty 踩坑实录
linux·ubuntu·命令行
江华森1 天前
NumPy 数值计算基础入门
运维
唐青枫1 天前
别再只会用 cron:Linux systemd Timer 定时任务实战详解
linux