nginx 同一个端口支持http和https配置

罗雀儿2024-03-31 13:20

原理:使用nginx的stream、 stream_ssl_preread模块

由于stream和stream_ssl_preread模块非默认引入,需要在编译安装nginx时引入;编译时添加配置参数 --with-stream --with-stream_ssl_preread_module

1、编译nginx

./configure --prefix=/usr/local/nginx --with-http_ssl_module --with-http_stub_status_module --with-stream --with-stream_ssl_preread_module --with-stream_ssl_module

执行make & make install

2、配置nginx.conf

添加stream配置,让其识别到http访问时默认走http,其余走https

bash 复制代码 
stream {
  upstream  http_gateway {
    server  127.0.0.1:80801;
  }
  upstream  https_gateway {
    server  127.0.0.1:80802;
  }
  map $ssl_preread_protocol $upstream {
    default http_gateway;
    "TLSv1.0" https_gateway;
    "TLSv1.1" https_gateway;
    "TLSv1.2" https_gateway;
    "TLSv1.3" https_gateway;
  }
  
  server {
    listen 8080;
    ssl_preread on;
    proxy_pass $upstream;
  }
  
  upstream http_gateway_8081 {
    server 127.0.0.1:80811;
  }
  upstream https_gateway_4664 {
    server 127.0.0.1:80812;
  }
  map $ssl_preread_protocol $upstream_8081 {
    default http_gateway_8081;
    "TLSv1.0" https_gateway_8081;
    "TLSv1.1" https_gateway_8081;
    "TLSv1.2" https_gateway_8081;
    "TLSv1.3" https_gateway_8081;
  }

  server {
    listen 8081;
    ssl_preread on;
	proxy_pass $upstream_8081;
  }
}

3、简单的nginx.conf示例供参考

bash 复制代码 
http {
    include       mime.types;
    default_type  application/octet-stream;
    sendfile        on;

    server {
       access_log logs/demo-info.log;
		listen 80801;
		listen 80802 ssl;
		server_name localhost;
		ssl_certificate      /usr/local/nginx/conf/ssl/server.crt;
		ssl_certificate_key  /usr/local/nginx/conf/ssl/server.key;
		ssl_session_cache    shared:SSL:1m;
		ssl_session_timeout  10m;
		ssl_protocols  TLSv1.2;  
		ssl_prefer_server_ciphers  on;
		ssl_ciphers  ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE; 
		location / {
            proxy_pass http://127.0.0.1:4399;
        }
    }
	server {
		access_log logs/demo-test.log;
		listen 80811;
		listen 80812 ssl;
		server_name localhost;
		ssl_certificate      /usr/local/nginx/conf/ssl/server.crt;
		ssl_certificate_key  /usr/local/nginx/conf/ssl/server.key;
		ssl_session_cache    shared:SSL:1m;
		ssl_session_timeout  10m;
		ssl_protocols  TLSv1.2;  
		ssl_prefer_server_ciphers  on;
		ssl_ciphers  ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;

		location / {
            proxy_pass http://127.0.0.1:4340;
        }
	}

}
相关推荐
ZzzZZzzzZZZzzzz…1 小时前
Nginx_Tomcat综合案例
运维·nginx·tomcat·负载均衡·rhce·反向代理·https加密服务
拷贝码农卡卡东11 小时前
pre-commit run --all-files 报错:http.client.RemoteDisconnected
网络·网络协议·http
DoWhatUWant11 小时前
域格YM310 X09移芯CAT1模组HTTPS连接服务器
服务器·网络协议·https
又菜又爱玩呜呜呜~13 小时前
go使用反射获取http.Request参数到结构体
开发语言·http·golang
cellurw16 小时前
Linux下C语言实现HTTP+SQLite3电子元器件查询系统
linux·c语言·http
希望201716 小时前
Golang | http/server & Gin框架简述
http·golang·gin
全栈技术负责人16 小时前
前端网络性能优化实践:从 HTTP 请求到 HTTPS 与 HTTP/2 升级
前端·网络·http
VueVirtuoso17 小时前
SaaS 建站从 0 到 1 教程:Vue 动态域名 + 后端子域名管理 + Nginx 配置
前端·vue.js·nginx
Whisper_Yu18 小时前
计算机网络(一)基础概念
计算机网络·http·https·信息与通信
007php00720 小时前
Redis高级面试题解析:深入理解Redis的工作原理与优化策略
java·开发语言·redis·nginx·缓存·面试·职场和发展
热门推荐
01GitHub 镜像站点02KGG转MP3工具|非KGM文件|解密音频03conda中设置镜像地址(附所有可换的地址)04UV安装并设置国内源05A股预测还能更准?开源大模型Kronos带你跑通预测+回测全流程06智能库存管理的需求预测模型:从业务痛点到落地代码的完整实践0746个Nano-banana 精选提示词,持续更新中08UV 工具安装与国内镜像源配置指南09突破百度网盘的下载限速,两种方法教会你【超详细】10Spec-Kit 使用指南