nginx 同一个端口支持http和https配置

  • 开发
  • 44

原理:使用nginx的stream、 stream_ssl_preread模块
由于stream和stream_ssl_preread模块非默认引入,需要在编译安装nginx时引入;编译时添加配置参数 --with-stream --with-stream_ssl_preread_module

1、编译nginx

./configure --prefix=/usr/local/nginx --with-http_ssl_module --with-http_stub_status_module --with-stream --with-stream_ssl_preread_module --with-stream_ssl_module

执行make & make install

2、配置nginx.conf

添加stream配置,让其识别到http访问时默认走http,其余走https

stream {
  upstream  http_gateway {
    server  127.0.0.1:80801;
  }
  upstream  https_gateway {
    server  127.0.0.1:80802;
  }
  map $ssl_preread_protocol $upstream {
    default http_gateway;
    "TLSv1.0" https_gateway;
    "TLSv1.1" https_gateway;
    "TLSv1.2" https_gateway;
    "TLSv1.3" https_gateway;
  }
  
  server {
    listen 8080;
    ssl_preread on;
    proxy_pass $upstream;
  }
  
  upstream http_gateway_8081 {
    server 127.0.0.1:80811;
  }
  upstream https_gateway_4664 {
    server 127.0.0.1:80812;
  }
  map $ssl_preread_protocol $upstream_8081 {
    default http_gateway_8081;
    "TLSv1.0" https_gateway_8081;
    "TLSv1.1" https_gateway_8081;
    "TLSv1.2" https_gateway_8081;
    "TLSv1.3" https_gateway_8081;
  }

  server {
    listen 8081;
    ssl_preread on;
	proxy_pass $upstream_8081;
  }
}

3、简单的nginx.conf示例供参考

http {
    include       mime.types;
    default_type  application/octet-stream;
    sendfile        on;

    server {
       access_log logs/demo-info.log;
		listen 80801;
		listen 80802 ssl;
		server_name localhost;
		ssl_certificate      /usr/local/nginx/conf/ssl/server.crt;
		ssl_certificate_key  /usr/local/nginx/conf/ssl/server.key;
		ssl_session_cache    shared:SSL:1m;
		ssl_session_timeout  10m;
		ssl_protocols  TLSv1.2;  
		ssl_prefer_server_ciphers  on;
		ssl_ciphers  ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE; 
		location / {
            proxy_pass http://127.0.0.1:4399;
        }
    }
	server {
		access_log logs/demo-test.log;
		listen 80811;
		listen 80812 ssl;
		server_name localhost;
		ssl_certificate      /usr/local/nginx/conf/ssl/server.crt;
		ssl_certificate_key  /usr/local/nginx/conf/ssl/server.key;
		ssl_session_cache    shared:SSL:1m;
		ssl_session_timeout  10m;
		ssl_protocols  TLSv1.2;  
		ssl_prefer_server_ciphers  on;
		ssl_ciphers  ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;

		location / {
            proxy_pass http://127.0.0.1:4340;
        }
	}

}
阅读全部

相关推荐

  1. nginx 同一个端口支持httphttps配置

    2024-03-28 14:58:03       45 阅读

  2. nginx配置若依框架vue打包项目(同时支持httphttps

    2024-03-28 14:58:03       63 阅读

  3. Nginx 域名证书 Http Https 详细配置

    2024-03-28 14:58:03       46 阅读

  4. nginx配置ssl支持https的详细步骤

    2024-03-28 14:58:03       46 阅读

  5. nginx-http-flv配置

    2024-03-28 14:58:03       37 阅读

  6. nignx配置https证书

    2024-03-28 14:58:03       42 阅读

  8. nginx配置https( Windows Server)

    2024-03-28 14:58:03       60 阅读

  9. nginx怎么配置https访问

    2024-03-28 14:58:03       32 阅读

最近更新

  3. docker php8.1+nginx base 镜像 dockerfile 配置

    2024-03-28 14:58:03       98 阅读

  4. Could not load dynamic library ‘cudart64_100.dll‘

    2024-03-28 14:58:03       106 阅读

  9. 在Django里面运行非项目文件

    2024-03-28 14:58:03       87 阅读

  19. Python语言-面向对象

    2024-03-28 14:58:03       96 阅读

  20. 如何分清楚常见的 Git 分支管理策略Git Flow、GitHub Flow 和 GitLab Flow

    2024-03-28 14:58:03       91 阅读

热门阅读

  2. 蓝桥集训之子矩阵

    2024-03-28 14:58:03       41 阅读

  3. spring boot的小数位丢失.00 或者.0

    2024-03-28 14:58:03       38 阅读

  4. 面试 JVM 八股文十问十答第五期

    2024-03-28 14:58:03       45 阅读

  6. node.js常用命令

    2024-03-28 14:58:03       43 阅读

  7. Popup

    2024-03-28 14:58:03       44 阅读

  14. IDEA调优

    2024-03-28 14:58:03       41 阅读

  16. 获取开发环境命令 npx envinfo --system --npmPackages vue --binaries --browsers

    2024-03-28 14:58:03       37 阅读

  25. 【服务器】常见服务器高危端口

    2024-03-28 14:58:03       45 阅读

  26. Vue常用命令

    2024-03-28 14:58:03       37 阅读