nginx反向代理http和https共同使用 双存在

日期:2018-7-12 墨渊 经验教程 浏览:14730次 评论:0条

今天发现了一个问题,就是在反代过程中,https跟http只能单一反代!

不能自适应协议,也不支持协议变量,各种百度啊,两个钟头,测试了各种,都不适用宝塔,

第一种就是建两个server,80与443端口分开。

不过这样代码比较长,不利于维护,第二种,加一个判断,比较简单,宝塔需要手动修改,不能傻瓜设置!

我下面只贴主要代码!

第一种 


server
{
    listen 80;
    server_name www.aeink.com aeink.com;
    index index.php index.html index.htm default.php default.htm default.html;
    root /www/wwwroot/www.aeink.com;

    location / 
    {
        proxy_pass http://www.aeink.com;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header REMOTE-HOST $remote_addr;
                
        #持久化连接相关配置
        #proxy_connect_timeout 30s;
        #proxy_read_timeout 86400s;
        #proxy_send_timeout 30s;
        #proxy_http_version 1.1;
        #proxy_set_header Upgrade $http_upgrade;
        #proxy_set_header Connection "upgrade";
        
        add_header X-Cache $upstream_cache_status;
        
        expires 12h;
    }

}
server
{
    listen 443 ssl http2;
    server_name www.aeink.com aeink.com;
    index index.php index.html index.htm default.php default.htm default.html;
    root /www/wwwroot/www.aeink.com;
    
    #SSL-START SSL相关配置,请勿删除或修改下一行带注释的404规则
    #error_page 404/404.html;
    ssl_certificate    /etc/letsencrypt/live/www.aeink.com/fullchain.pem;
    ssl_certificate_key    /etc/letsencrypt/live/www.aeink.com/privkey.pem;
    ssl_protocols TLSv1.1 TLSv1.2;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;
    error_page 497  https://$host$request_uri;

    location / 
    {

        proxy_pass https://www.aeink.com;

        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header REMOTE-HOST $remote_addr;
                
        #持久化连接相关配置
        #proxy_connect_timeout 30s;
        #proxy_read_timeout 86400s;
        #proxy_send_timeout 30s;
        #proxy_http_version 1.1;
        #proxy_set_header Upgrade $http_upgrade;
        #proxy_set_header Connection "upgrade";
        
        add_header X-Cache $upstream_cache_status;
        
        expires 12h;
    }
}


第二种 

server
{
    listen 80;
    listen 443 ssl http2;
    server_name www.aeink.com aeink.com;
    index index.php index.html index.htm default.php default.htm default.html;
    root /www/wwwroot/www.aeink.com;

    location / 
    {
    	if ($server_port = 80){
			proxy_pass http://www.aeink.com;
		}
    	if ($server_port = 443){
			proxy_pass https://www.aeink.com;
		}
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header REMOTE-HOST $remote_addr;
                
        #持久化连接相关配置
        #proxy_connect_timeout 30s;
        #proxy_read_timeout 86400s;
        #proxy_send_timeout 30s;
        #proxy_http_version 1.1;
        #proxy_set_header Upgrade $http_upgrade;
        #proxy_set_header Connection "upgrade";
        
        add_header X-Cache $upstream_cache_status;
        
        expires 12h;
    }

}



转载请注明出处 AE博客|墨渊 » nginx反向代理http和https共同使用 双存在

标签: HTTPS NGINX 反向代理

发表评论

路人甲

网友评论(0)

猜你喜欢

分类

友情链接

AD