【个人记录】NGINX反向代理支持同端口HTTP与HTTPS协议访问

监听4000端口,反向代理127.0.0.1:9090的Web网页

NGINX配置如下

lua 复制代码
server {
    listen 4000 ssl http2 ; 
    server_name www.http.com,www.https.com; 
    proxy_set_header Host $host; 
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 
    proxy_set_header X-Forwarded-Host $server_name; 
    proxy_set_header X-Real-IP $remote_addr; 
    proxy_http_version 1.1; 
    proxy_set_header Upgrade $http_upgrade; 
    proxy_set_header Connection "upgrade"; 
	location ^~ / {
	    proxy_pass http://127.0.0.1:9090; 
	    proxy_set_header Host $host; 
	    proxy_set_header X-Real-IP $remote_addr; 
	    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 
	    proxy_set_header REMOTE-HOST $remote_addr; 
	    proxy_set_header Upgrade $http_upgrade; 
	    proxy_set_header Connection "upgrade"; 
	    proxy_set_header X-Forwarded-Proto $scheme; 
	    proxy_http_version 1.1; 
	    add_header Cache-Control no-cache; 
	}
    location @https_to_http {
        proxy_pass http://127.0.0.1:9090$request_uri;
        proxy_set_header Host $host; 
        proxy_set_header X-Real-IP $remote_addr; 
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 
        proxy_set_header REMOTE-HOST $remote_addr; 
        proxy_set_header Upgrade $http_upgrade; 
        proxy_set_header Connection "upgrade"; 
        proxy_set_header X-Forwarded-Proto $scheme; 
        proxy_http_version 1.1; 
        add_header Cache-Control no-cache; 
    }
    ssl_certificate /www/sites/www.https.com/ssl/fullchain.pem; 
    ssl_certificate_key /www/sites/www.https.com/ssl/privkey.pem; 
    ssl_protocols TLSv1.3 TLSv1.2 TLSv1.1 TLSv1; 
    ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5; 
    ssl_prefer_server_ciphers on; 
    ssl_session_cache shared:SSL:10m; 
    ssl_session_timeout 10m; 
    add_header Strict-Transport-Security "max-age=31536000"; 
    error_page 497 =  @https_to_http;
    proxy_set_header X-Forwarded-Proto https; 
    ssl_stapling on; 
    ssl_stapling_verify on; 
}

监听4000为https端口,当用http访问时会触发497错误,定向497错误至@https_to_http进行反向代理提供服务。

相关推荐
太空的旅行者41 分钟前
告别双系统——WSL2+UBUNTU在WIN上畅游LINUX
linux·运维·ubuntu
九章云极AladdinEdu2 小时前
超参数自动化调优指南:Optuna vs. Ray Tune 对比评测
运维·人工智能·深度学习·ai·自动化·gpu算力
人工智能训练师3 小时前
Ubuntu22.04如何安装新版本的Node.js和npm
linux·运维·前端·人工智能·ubuntu·npm·node.js
灿烂阳光g3 小时前
domain_auto_trans,source_domain,untrusted_app
android·linux
Tisfy4 小时前
服务器 - 从一台服务器切换至另一台服务器(损失数十条访客记录)
运维·服务器
Ronin3054 小时前
【Linux系统】日志与策略模式
linux·策略模式·日志
qq_264220895 小时前
Nginx优化与 SSL/TLS配置
运维·nginx
ZzzK,5 小时前
JAVA虚拟机(JVM)
java·linux·jvm
Aspiresky6 小时前
浅析Linux进程信号处理机制:基本原理及应用
linux·运维·信号处理
全栈工程师修炼指南7 小时前
告别手动构建!Jenkins 与 Gitlab 完美协作,根据参数自动化触发CI/CD流水线实践
运维·ci/cd·自动化·gitlab·jenkins