发表新帖
发表新帖

How to redirect on the same port from http to https with nginx reverse proxy

后端 未结
关注
5 1881
借酒劲吻你
借酒劲吻你 2020-12-24 01:12

I use reverse proxy with Nginx and I want to force the request into HTTPS, so if a user wants to access the url with http, he will be automatically redirected to HTTPS.

相关标签:
5条回答
  • 抹茶落季
    2020-12-24 01:50

    This worked for me:

    server {
listen       80;
server_name  localhost;
...
if ($http_x_forwarded_proto = "http") {
      return 301 https://$server_name$request_uri;
}
location / {
    proxy_set_header X-Forwarded-Host $host;
    proxy_set_header X-Forwarded-Server $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_pass http://localhost:8080;
}

...
}
    0 讨论(0)
  • 面向向阳花
    2020-12-24 01:51

    Are you sure your solution is working? It is listening for 8001 ssl. Will it accept http request?

    I do it this way:

    server {
    listen   80;
    server_name  yourhostname.com;

    location / {
            rewrite ^(.*) https://yourhostname.com:8001$1 permanent;
    }
}

    Then goes your config:

    server {
    listen 8001  ssl;
    ssl_certificate /home/xxx/server.crt;
    ssl_certificate_key /home/xxx/server.key;
    location / {
        proxy_pass https://localhost:8000;
        proxy_redirect off;
        proxy_set_header Host $host:$server_port;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Ssl on;
        proxy_set_header  X-Forwarded-Proto  https;
    }
}
    0 讨论(0)
  • 栀梦
    2020-12-24 02:04

    You can

    1. use $server_name to avoid hard coding your domain name again (DRY),
    2. use return 301 for a bit easier reading (a web dev should know this http status code)

    Note: I put 443 for https server. You may listen to 8001 if you really want that.

    server {
    listen   80;
    server_name  your_hostname.com;

    return 301 https://$server_name$request_uri;
}
...
server {
    listen 443 ssl;
    server_name your_hostname.com
    ...
}
    0 讨论(0)
  • 情书的邮戳
    2020-12-24 02:10

    Found something that is working well : 

    server {
        listen 8001  ssl;
        ssl_certificate /home/xxx/server.crt;
        ssl_certificate_key /home/xxx/server.key;
        error_page 497 301 =307 https://$host:$server_port$request_uri;
        location /{
            proxy_pass http://localhost:8000;
            proxy_redirect off;
            proxy_set_header Host $host:$server_port;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Ssl on;
        }
}
    0 讨论(0)
  • 误落风尘
    2020-12-24 02:13

    This is my approach, which I think is quite clean and allows you to add further locations if needed. I add a test on the $http_x_forwarded_proto property which if true forces all HTTP traffic to HTTPS on a NGINX Reverse Proxy setup

    upstream flask_bootstrap {
    server flask-bootstrap:8000;
}

server {
    # SSL traffic terminates on the Load Balancer so we only need to listen on port 80
    listen 80;

    # Set reverse proxy
    location / {
        proxy_pass http://flask_bootstrap;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $host;
        proxy_redirect http://localhost/;

        # Permanently redirect any http calls to https
        if ($http_x_forwarded_proto != 'https') {
            return 301 https://$host$request_uri;
        }
    }
}
    0 讨论(0)
 看不清?
提交回复
热议问题