nginx 同一个端口支持http和https配置

罗雀儿2024-03-31 13:20

原理:使用nginx的stream、 stream_ssl_preread模块

由于stream和stream_ssl_preread模块非默认引入,需要在编译安装nginx时引入;编译时添加配置参数 --with-stream --with-stream_ssl_preread_module

1、编译nginx

./configure --prefix=/usr/local/nginx --with-http_ssl_module --with-http_stub_status_module --with-stream --with-stream_ssl_preread_module --with-stream_ssl_module

执行make & make install

2、配置nginx.conf

添加stream配置,让其识别到http访问时默认走http,其余走https

bash 复制代码 
stream {
  upstream  http_gateway {
    server  127.0.0.1:80801;
  }
  upstream  https_gateway {
    server  127.0.0.1:80802;
  }
  map $ssl_preread_protocol $upstream {
    default http_gateway;
    "TLSv1.0" https_gateway;
    "TLSv1.1" https_gateway;
    "TLSv1.2" https_gateway;
    "TLSv1.3" https_gateway;
  }
  
  server {
    listen 8080;
    ssl_preread on;
    proxy_pass $upstream;
  }
  
  upstream http_gateway_8081 {
    server 127.0.0.1:80811;
  }
  upstream https_gateway_4664 {
    server 127.0.0.1:80812;
  }
  map $ssl_preread_protocol $upstream_8081 {
    default http_gateway_8081;
    "TLSv1.0" https_gateway_8081;
    "TLSv1.1" https_gateway_8081;
    "TLSv1.2" https_gateway_8081;
    "TLSv1.3" https_gateway_8081;
  }

  server {
    listen 8081;
    ssl_preread on;
	proxy_pass $upstream_8081;
  }
}

3、简单的nginx.conf示例供参考

bash 复制代码 
http {
    include       mime.types;
    default_type  application/octet-stream;
    sendfile        on;

    server {
       access_log logs/demo-info.log;
		listen 80801;
		listen 80802 ssl;
		server_name localhost;
		ssl_certificate      /usr/local/nginx/conf/ssl/server.crt;
		ssl_certificate_key  /usr/local/nginx/conf/ssl/server.key;
		ssl_session_cache    shared:SSL:1m;
		ssl_session_timeout  10m;
		ssl_protocols  TLSv1.2;  
		ssl_prefer_server_ciphers  on;
		ssl_ciphers  ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE; 
		location / {
            proxy_pass http://127.0.0.1:4399;
        }
    }
	server {
		access_log logs/demo-test.log;
		listen 80811;
		listen 80812 ssl;
		server_name localhost;
		ssl_certificate      /usr/local/nginx/conf/ssl/server.crt;
		ssl_certificate_key  /usr/local/nginx/conf/ssl/server.key;
		ssl_session_cache    shared:SSL:1m;
		ssl_session_timeout  10m;
		ssl_protocols  TLSv1.2;  
		ssl_prefer_server_ciphers  on;
		ssl_ciphers  ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;

		location / {
            proxy_pass http://127.0.0.1:4340;
        }
	}

}
相关推荐
游戏开发爱好者8几秒前
如何在 Windows 环境下测试 iOS App,实时日志,CPU监控
android·ios·小程序·https·uni-app·iphone·webview
岁岁种桃花儿28 分钟前
深入理解 Keepalive:从协议到 Nginx 实战(全场景解析)
运维·nginx
康小庄31 分钟前
通过NGINX实现将小程序HTTPS请求转为内部HTTP请求
java·spring boot·nginx·spring·http·小程序
一颗青果33 分钟前
对称加密 | 非对称加密 | HTTPS的加密方式 | CA认证 | 中间人攻击
网络·网络协议·https
牵牛老人1 小时前
Qt后端开发遇到跨域问题终极解决方案 与 Nginx反向代理全解析
qt·nginx·状态模式
小豪GO!1 小时前
HTTP和HTTPS-八股
网络协议·http·https
小目标一个亿12 小时前
Windows平台Nginx配置web账号密码验证
linux·前端·nginx
Voyager_418 小时前
OS八股:HTTP 与 WebSocket 的通信模型差异 —— 理解等待、轮询、阻塞与全双工
websocket·网络协议·http
克里斯蒂亚诺更新19 小时前
https写一个定位当前位置获取经纬度的H5页面
css·网络协议·https
养乐多q.♡19 小时前
docker镜像的nginx配置证书SSL,单独配置单个localtion使用证书,其他nginx配置不影响
nginx·docker·ssl
热门推荐
01GitHub 镜像站点02Linux下V2Ray安装配置指南03Labelme从安装到标注:零基础完整指南04网站改了域名,如何查找?05AI 规范驱动开发“三剑客”深度对比:Spec-Kit、Kiro 与 OpenSpec 实战指南06UV安装并设置国内源07Claude Code Skills 实用使用手册08安娜的档案(Anna’s Archive) 镜像网站/国内最新可访问入口(持续更新)09百度网盘偷偷给电脑“降频”?102025年大语言模型技术全景报告