【个人记录】NGINX反向代理支持同端口HTTP与HTTPS协议访问

监听4000端口,反向代理127.0.0.1:9090的Web网页

NGINX配置如下

lua 复制代码
server {
    listen 4000 ssl http2 ; 
    server_name www.http.com,www.https.com; 
    proxy_set_header Host $host; 
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 
    proxy_set_header X-Forwarded-Host $server_name; 
    proxy_set_header X-Real-IP $remote_addr; 
    proxy_http_version 1.1; 
    proxy_set_header Upgrade $http_upgrade; 
    proxy_set_header Connection "upgrade"; 
	location ^~ / {
	    proxy_pass http://127.0.0.1:9090; 
	    proxy_set_header Host $host; 
	    proxy_set_header X-Real-IP $remote_addr; 
	    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 
	    proxy_set_header REMOTE-HOST $remote_addr; 
	    proxy_set_header Upgrade $http_upgrade; 
	    proxy_set_header Connection "upgrade"; 
	    proxy_set_header X-Forwarded-Proto $scheme; 
	    proxy_http_version 1.1; 
	    add_header Cache-Control no-cache; 
	}
    location @https_to_http {
        proxy_pass http://127.0.0.1:9090$request_uri;
        proxy_set_header Host $host; 
        proxy_set_header X-Real-IP $remote_addr; 
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 
        proxy_set_header REMOTE-HOST $remote_addr; 
        proxy_set_header Upgrade $http_upgrade; 
        proxy_set_header Connection "upgrade"; 
        proxy_set_header X-Forwarded-Proto $scheme; 
        proxy_http_version 1.1; 
        add_header Cache-Control no-cache; 
    }
    ssl_certificate /www/sites/www.https.com/ssl/fullchain.pem; 
    ssl_certificate_key /www/sites/www.https.com/ssl/privkey.pem; 
    ssl_protocols TLSv1.3 TLSv1.2 TLSv1.1 TLSv1; 
    ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5; 
    ssl_prefer_server_ciphers on; 
    ssl_session_cache shared:SSL:10m; 
    ssl_session_timeout 10m; 
    add_header Strict-Transport-Security "max-age=31536000"; 
    error_page 497 =  @https_to_http;
    proxy_set_header X-Forwarded-Proto https; 
    ssl_stapling on; 
    ssl_stapling_verify on; 
}

监听4000为https端口,当用http访问时会触发497错误,定向497错误至@https_to_http进行反向代理提供服务。

相关推荐
一张假钞8 分钟前
Ubuntu 24.04 安装 Jenkins
linux·ci/cd·jenkins
getExpectObject()11 分钟前
【jenkins】构建安卓
运维·jenkins
tuokuac32 分钟前
查看你电脑上某个端口正在被哪个进程占用
linux
小池先生34 分钟前
服务请求出现偶发超时问题,经查服务本身没问题,问题出现在nginx转发。
运维·服务器·nginx
java_logo42 分钟前
vllm-openai Docker 部署手册
运维·人工智能·docker·ai·容器
MANONGMN1 小时前
Linux 通配符与正则表达式(含实战案例+避坑指南)
linux·运维·正则表达式
带土11 小时前
18 .shell编程-正则表达式
linux·正则表达式
勤源科技1 小时前
运维知识图谱的构建与应用
运维·人工智能·知识图谱
jiyuzzz1 小时前
Docker部署WordPress及相关配置
运维·docker·容器
爱吃甜品的糯米团子1 小时前
Linux 学习笔记之进程管理、网络基础与常用软件安装
linux·网络·学习