1. 技术文章
  2. How to redirect on the same port from http to https with nginx reverse proxy

How to redirect on the same port from http to https with nginx reverse proxy

放肆的年华 提交于 2019-12-18 10:49:06

问题


I use reverse proxy with Nginx and I want to force the request into HTTPS, so if a user wants to access the url with http, he will be automatically redirected to HTTPS.

I'm also using a non-standard port.

Here is my nginx reverse proxy config: 

server {
    listen 8001  ssl;
    ssl_certificate /home/xxx/server.crt;
    ssl_certificate_key /home/xxx/server.key;
    location / {
        proxy_pass https://localhost:8000;
        proxy_redirect off;
        proxy_set_header Host $host:$server_port;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Ssl on;
        proxy_set_header  X-Forwarded-Proto  https;
    }
}

I've tried many things and also read posts about it, including this serverfault question, but nothing has worked so far.


回答1:


Found something that is working well : 

server {
        listen 8001  ssl;
        ssl_certificate /home/xxx/server.crt;
        ssl_certificate_key /home/xxx/server.key;
        error_page 497 301 =307 https://$host:$server_port$request_uri;
        location /{
            proxy_pass http://localhost:8000;
            proxy_redirect off;
            proxy_set_header Host $host:$server_port;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Ssl on;
        }
}



回答2:


Are you sure your solution is working? It is listening for 8001 ssl. Will it accept http request?

I do it this way:

server {
    listen   80;
    server_name  yourhostname.com;

    location / {
            rewrite ^(.*) https://yourhostname.com:8001$1 permanent;
    }
}

Then goes your config:

server {
    listen 8001  ssl;
    ssl_certificate /home/xxx/server.crt;
    ssl_certificate_key /home/xxx/server.key;
    location / {
        proxy_pass https://localhost:8000;
        proxy_redirect off;
        proxy_set_header Host $host:$server_port;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Ssl on;
        proxy_set_header  X-Forwarded-Proto  https;
    }
}



回答3:


You can

  1. use $server_name to avoid hard coding your domain name again (DRY),
  2. use return 301 for a bit easier reading (a web dev should know this http status code)

Note: I put 443 for https server. You may listen to 8001 if you really want that.

server {
    listen   80;
    server_name  your_hostname.com;

    return 301 https://$server_name$request_uri;
}
...
server {
    listen 443 ssl;
    server_name your_hostname.com
    ...
}



回答4:


This worked for me:

server {
listen       80;
server_name  localhost;
...
if ($http_x_forwarded_proto = "http") {
      return 301 https://$server_name$request_uri;
}
location / {
    proxy_set_header X-Forwarded-Host $host;
    proxy_set_header X-Forwarded-Server $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_pass http://localhost:8080;
}

...
}


来源:https://stackoverflow.com/questions/15429043/how-to-redirect-on-the-same-port-from-http-to-https-with-nginx-reverse-proxy

标签
ssl
proxy
nginx
reverse-proxy
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!