nginx配置http和https可同时访问方法

给nginx配置SSL证书之后，https可以正常访问，http访问显示400错误，nginx的配置如下：

server {
listen 80 default backlog=2048;
listen 443;
server_name lvtao.net;
root /var/www/html;
ssl on;
ssl_certificate /usr/local/Tengine/sslcrt/lvtao.net.crt;
ssl_certificate_key /usr/local/Tengine/sslcrt/lvtao.net.key;
}

http访问的时候，报错如下：

400 Bad Request
The plain HTTP requset was sent to HTTPS port. Sorry for the inconvenience.
Please report this message and include the following information to us.
Thank you very much!

 

原因是http的请求被发送到https的端口上去了，所以才会出现这样的问题。

把ssl on；这行去掉，ssl写在443端口后面。这样http和https的链接都可以用，完美解决，修改后的配置如下：

server {
listen 80 default backlog=2048;
listen 443 ssl;
server_name lvtao.net;
root /var/www/html;
ssl_certificate /usr/local/Tengine/sslcrt/lvtao.net.crt;
ssl_certificate_key /usr/local/Tengine/sslcrt/lvtao.net.Key;
}

 

 

nginx proxy_pass同时支持http/https的小技巧（https://www.cnblogs.com/wshenjin/p/13183929.html）

nginx在配置http/https代理，最开始比较麻烦的写法：

upstream example
{
        server 1.1.1.1:80;
        server 2.2.2.2:80 backup;
}

upstream example_https
{
        server 1.1.1.1:443;
        server 2.2.2.2:443 backup;
}

server
{
    listen       80;
    server_name  www.example.com;
    index index.html index.htm index.php;
    root /data/web/webclose;
    location / {
        proxy_pass  http://example;
        expires off;
        proxy_redirect     off;
        proxy_set_header   Host             $host;
        proxy_set_header   X-Real-IP        $remote_addr;
        proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;
    }
    access_log  /data/logs/$host.log  access;
}

server
{
    listen       443 ssl;
    server_name  www.example.com;
    root /data/web/webclose;
    include ssl_example.conf;
    location / {
        proxy_pass  https://example_https;
        expires off;
        proxy_redirect     off;
        proxy_set_header   Host             $host;
        proxy_set_header   X-Real-IP        $remote_addr;
        proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;
    }
    access_log  /data/logs/$host.log  access;
}

这种写法比较麻烦，要写两份。
因此投机取巧换个写法：

upstream example_http
{
        server 1.1.1.1:80;
        server 2.2.2.2:80 backup;
}

upstream example_https
{
        server 1.1.1.1:443;
        server 2.2.2.2:443 backup;
}

server
{
    listen       80;
    listen       443 ssl;
    server_name  www.example.com;
    index index.html index.htm index.php;
    root /data/web/webclose;
    include ssl_example.conf;
    location / {
        proxy_pass  $scheme://example_$scheme;
        expires off;
        proxy_redirect     off;
        proxy_set_header   Host             $host;
        proxy_set_header   X-Real-IP        $remote_addr;
        proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;
    }
    access_log  /data/logs/$host.log  access;
}

可以充分利用nginx的变量简化配置的编写。

http://www.voidcn.com/article/p-gklwjbjb-st.html

一、代理nginx开启80，443端口

############################################################################

# cat /etc/nginx/conf.d/nginx_http.conf

        # 设置通过http域名访问的时候直接跳转https

server {

    listen 80;

    server_name www.meteor-yu.com;

    rewrite ^/(.*) https://$server_name/$1 permanent;

}

        # 设置不允许IP访问

server {

   listen 80 default_server;

    server_name _;

    return 403;

}

        # 设置通过http访问顶级域名meteor-yu.com自动跳转https访问www.meteor-yu.com这个域名

server {

   listen 80;

    server_name meteor-yu.com;

    return 301 https://www.meteor-yu.com$request_uri;

}


############################################################################

二、创建自签名证书

# cat /etc/nginx/conf.d/nginx_https.conf

        # 创建自签名证书，并添加到配置中

server {

    listen 443;

    server_name www.meteor-yu.com;

    

    ssl on;

    ssl_certificate conf.d/server.crt;

    ssl_certificate_key conf.d/server.key;


    access_log /var/log/nginx/staff_assessing_system_access.log main;

    error_log /var/log/nginx/staff_assessing_system_error.log;

    location / {

        proxy_next_upstream http_502 http_504 error timeout invalid_header;

        proxy_ignore_client_abort on;

        proxy_connect_timeout 60s;

        proxy_read_timeout 5400s;

        proxy_send_timeout 5400s;

        proxy_set_header Host $host;

        proxy_set_header X-Real-IP $remote_addr;

        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;

        proxy_pass http://10.10.10.10:84;   # 转发到后台的web端口，这里是后台web是84端口，后台访问仍然是http

    } 

}

        # 不允许https直接IP访问

server {

    listen 443 default_server;

    server_name _;

    ssl on;

    ssl_certificate /etc/nginx_ssl/server.crt;

    ssl_certificate_key /etc/nginx_ssl/server.key;

    return 403;

}

        # 设置通过https访问顶级域名meteor-yu.com自动跳转到www.meteor-yu.com这个域名

server {

    listen 443;

    ssl on;

    ssl_certificate /etc/nginx_ssl/server.crt;

    ssl_certificate_key /etc/nginx_ssl/server.key;

    server_name meteor-yu.com;

    return 301 https://www.meteor-yu.com$request_uri;

}


############################################################################