nginx反向代理http和https共同使用 双存在
原创
今天发现了一个问题,就是在反代过程中,https跟http只能单一反代!
不能自适应协议,也不支持协议变量,各种百度啊,两个钟头,测试了各种,都不适用宝塔,
第一种就是建两个server,80与443端口分开。
不过这样代码比较长,不利于维护,第二种,加一个判断,比较简单,宝塔需要手动修改,不能傻瓜设置!
我下面只贴主要代码!
第一种
server
{
listen 80;
server_name www.aeink.com aeink.com;
index index.php index.html index.htm default.php default.htm default.html;
root /www/wwwroot/www.aeink.com;
location /
{
proxy_pass http://www.aeink.com;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header REMOTE-HOST $remote_addr;
#持久化连接相关配置
#proxy_connect_timeout 30s;
#proxy_read_timeout 86400s;
#proxy_send_timeout 30s;
#proxy_http_version 1.1;
#proxy_set_header Upgrade $http_upgrade;
#proxy_set_header Connection "upgrade";
add_header X-Cache $upstream_cache_status;
expires 12h;
}
}
server
{
listen 443 ssl http2;
server_name www.aeink.com aeink.com;
index index.php index.html index.htm default.php default.htm default.html;
root /www/wwwroot/www.aeink.com;
#SSL-START SSL相关配置,请勿删除或修改下一行带注释的404规则
#error_page 404/404.html;
ssl_certificate /etc/letsencrypt/live/www.aeink.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/www.aeink.com/privkey.pem;
ssl_protocols TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
error_page 497 https://$host$request_uri;
location /
{
proxy_pass https://www.aeink.com;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header REMOTE-HOST $remote_addr;
#持久化连接相关配置
#proxy_connect_timeout 30s;
#proxy_read_timeout 86400s;
#proxy_send_timeout 30s;
#proxy_http_version 1.1;
#proxy_set_header Upgrade $http_upgrade;
#proxy_set_header Connection "upgrade";
add_header X-Cache $upstream_cache_status;
expires 12h;
}
}第二种
server { listen 80; listen 443 ssl http2; server_name www.aeink.com aeink.com; index index.php index.html index.htm default.php default.htm default.html; root /www/wwwroot/www.aeink.com; location / { if ($server_port = 80){ proxy_pass http://www.aeink.com; } if ($server_port = 443){ proxy_pass https://www.aeink.com; } proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header REMOTE-HOST $remote_addr; #持久化连接相关配置 #proxy_connect_timeout 30s; #proxy_read_timeout 86400s; #proxy_send_timeout 30s; #proxy_http_version 1.1; #proxy_set_header Upgrade $http_upgrade; #proxy_set_header Connection "upgrade"; add_header X-Cache $upstream_cache_status; expires 12h; } } 原文地址:http://www.aeink.com/1059.html
原创声明:本文系作者授权腾讯云开发者社区发表,未经许可,不得转载。
如有侵权,请联系 cloudcommunity@tencent.com 删除。
原创声明:本文系作者授权腾讯云开发者社区发表,未经许可,不得转载。
如有侵权,请联系 cloudcommunity@tencent.com 删除。
腾讯云开发者
