nginx反向代理http和https共同使用双存在

原创

墨渊

发布于 2018-07-13 11:12:38

1.3K20

代码可运行

文章被收录于专栏：优启梦优启梦

运行总次数：0

代码可运行

今天发现了一个问题，就是在反代过程中，https跟http只能单一反代！

不能自适应协议，也不支持协议变量，各种百度啊，两个钟头，测试了各种，都不适用宝塔，

第一种就是建两个server，80与443端口分开。

不过这样代码比较长，不利于维护，第二种，加一个判断，比较简单，宝塔需要手动修改，不能傻瓜设置！

我下面只贴主要代码！

第一种

server
{
    listen 80;
    server_name www.aeink.com aeink.com;
    index index.php index.html index.htm default.php default.htm default.html;
    root /www/wwwroot/www.aeink.com;

    location / 
    {
        proxy_pass http://www.aeink.com;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header REMOTE-HOST $remote_addr;
                
        #持久化连接相关配置
        #proxy_connect_timeout 30s;
        #proxy_read_timeout 86400s;
        #proxy_send_timeout 30s;
        #proxy_http_version 1.1;
        #proxy_set_header Upgrade $http_upgrade;
        #proxy_set_header Connection "upgrade";
        
        add_header X-Cache $upstream_cache_status;
        
        expires 12h;
    }

}
server
{
    listen 443 ssl http2;
    server_name www.aeink.com aeink.com;
    index index.php index.html index.htm default.php default.htm default.html;
    root /www/wwwroot/www.aeink.com;
    
    #SSL-START SSL相关配置，请勿删除或修改下一行带注释的404规则
    #error_page 404/404.html;
    ssl_certificate    /etc/letsencrypt/live/www.aeink.com/fullchain.pem;
    ssl_certificate_key    /etc/letsencrypt/live/www.aeink.com/privkey.pem;
    ssl_protocols TLSv1.1 TLSv1.2;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;
    error_page 497  https://$host$request_uri;

    location / 
    {

        proxy_pass https://www.aeink.com;

        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header REMOTE-HOST $remote_addr;
                
        #持久化连接相关配置
        #proxy_connect_timeout 30s;
        #proxy_read_timeout 86400s;
        #proxy_send_timeout 30s;
        #proxy_http_version 1.1;
        #proxy_set_header Upgrade $http_upgrade;
        #proxy_set_header Connection "upgrade";
        
        add_header X-Cache $upstream_cache_status;
        
        expires 12h;
    }
}

第二种

server { listen 80; listen 443 ssl http2; server_name www.aeink.com aeink.com; index index.php index.html index.htm default.php default.htm default.html; root /www/wwwroot/www.aeink.com; location / { if ($server_port = 80){ proxy_pass http://www.aeink.com; } if ($server_port = 443){ proxy_pass https://www.aeink.com; } proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header REMOTE-HOST $remote_addr; #持久化连接相关配置 #proxy_connect_timeout 30s; #proxy_read_timeout 86400s; #proxy_send_timeout 30s; #proxy_http_version 1.1; #proxy_set_header Upgrade $http_upgrade; #proxy_set_header Connection "upgrade"; add_header X-Cache $upstream_cache_status; expires 12h; } } 原文地址：http://www.aeink.com/1059.html

原创声明：本文系作者授权腾讯云开发者社区发表，未经许可，不得转载。

如有侵权，请联系 cloudcommunity@tencent.com 删除。

其他

原创声明：本文系作者授权腾讯云开发者社区发表，未经许可，不得转载。

如有侵权，请联系 cloudcommunity@tencent.com 删除。

其他

登录后参与评论

0 条评论

热度