nginx 同一个端口支持http和https配置

罗雀儿2024-03-31 13:20

原理:使用nginx的stream、 stream_ssl_preread模块

由于stream和stream_ssl_preread模块非默认引入,需要在编译安装nginx时引入;编译时添加配置参数 --with-stream --with-stream_ssl_preread_module

1、编译nginx

./configure --prefix=/usr/local/nginx --with-http_ssl_module --with-http_stub_status_module --with-stream --with-stream_ssl_preread_module --with-stream_ssl_module

执行make & make install

2、配置nginx.conf

添加stream配置,让其识别到http访问时默认走http,其余走https

bash 复制代码 
stream {
  upstream  http_gateway {
    server  127.0.0.1:80801;
  }
  upstream  https_gateway {
    server  127.0.0.1:80802;
  }
  map $ssl_preread_protocol $upstream {
    default http_gateway;
    "TLSv1.0" https_gateway;
    "TLSv1.1" https_gateway;
    "TLSv1.2" https_gateway;
    "TLSv1.3" https_gateway;
  }
  
  server {
    listen 8080;
    ssl_preread on;
    proxy_pass $upstream;
  }
  
  upstream http_gateway_8081 {
    server 127.0.0.1:80811;
  }
  upstream https_gateway_4664 {
    server 127.0.0.1:80812;
  }
  map $ssl_preread_protocol $upstream_8081 {
    default http_gateway_8081;
    "TLSv1.0" https_gateway_8081;
    "TLSv1.1" https_gateway_8081;
    "TLSv1.2" https_gateway_8081;
    "TLSv1.3" https_gateway_8081;
  }

  server {
    listen 8081;
    ssl_preread on;
	proxy_pass $upstream_8081;
  }
}

3、简单的nginx.conf示例供参考

bash 复制代码 
http {
    include       mime.types;
    default_type  application/octet-stream;
    sendfile        on;

    server {
       access_log logs/demo-info.log;
		listen 80801;
		listen 80802 ssl;
		server_name localhost;
		ssl_certificate      /usr/local/nginx/conf/ssl/server.crt;
		ssl_certificate_key  /usr/local/nginx/conf/ssl/server.key;
		ssl_session_cache    shared:SSL:1m;
		ssl_session_timeout  10m;
		ssl_protocols  TLSv1.2;  
		ssl_prefer_server_ciphers  on;
		ssl_ciphers  ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE; 
		location / {
            proxy_pass http://127.0.0.1:4399;
        }
    }
	server {
		access_log logs/demo-test.log;
		listen 80811;
		listen 80812 ssl;
		server_name localhost;
		ssl_certificate      /usr/local/nginx/conf/ssl/server.crt;
		ssl_certificate_key  /usr/local/nginx/conf/ssl/server.key;
		ssl_session_cache    shared:SSL:1m;
		ssl_session_timeout  10m;
		ssl_protocols  TLSv1.2;  
		ssl_prefer_server_ciphers  on;
		ssl_ciphers  ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;

		location / {
            proxy_pass http://127.0.0.1:4340;
        }
	}

}
相关推荐
苹果醋36 小时前
Java8->Java19的初步探索
java·运维·spring boot·mysql·nginx
石牌桥网管7 小时前
OpenSSL 生成根证书、中间证书和网站证书
网络协议·https·openssl
雨雪飘零7 小时前
Windows系统使用OpenSSL生成自签名证书
nginx·证书·openssl
yanwushu8 小时前
Xserver v1.4.2发布,支持自动重载 nginx 配置
mysql·nginx·php·个人开发·composer
阑梦清川13 小时前
JavaEE初阶---网络原理(五)---HTTP协议
网络·http·java-ee
阿尔帕兹14 小时前
构建 HTTP 服务端与 Docker 镜像:从开发到测试
网络协议·http·docker
follycat16 小时前
[极客大挑战 2019]HTTP 1
网络·网络协议·http·网络安全
earthzhang202117 小时前
《深入浅出HTTPS》读书笔记(5):随机数
网络协议·http·https
xiaoxiongip66617 小时前
HTTP 和 HTTPS
网络·爬虫·网络协议·tcp/ip·http·https·ip
CXDNW17 小时前
【网络面试篇】HTTP(2)(笔记)——http、https、http1.1、http2.0
网络·笔记·http·面试·https·http2.0
热门推荐
01如何才能让手机厂商主动拥抱华为,接入鸿蒙系统?02【HarmonyOS】HUAWEI DevEco Studio 下载地址汇总03组基轨迹建模 GBTM的介绍与实现(Stata 或 R)04【TC3xx芯片】TC3xx芯片电源管理系统PMS详解05基于YOLOv10深度学习的CT扫描图像肾结石智能检测系统【python源码+Pyqt5界面+数据集+训练代码】深度学习实战、目标检测06【经验分享】Ubuntu22.04安装微信(linux官方版)07Macbook pro M1 安装Ubuntu教程08RAG 实践- Ollama+RagFlow 部署本地知识库09Windows10安装PCL1.14.0及点云配准10文件或文件夹名称中有空格如何批量去除