nginx反向代理http和https共同使用 雙存在

今天發現了一個問題,就是在反代過程中,https跟http只能單一反代!

不能自適應協議,也不支持協議變量,各種百度啊,兩個鐘頭,測試了各種,都不適用寶塔,

第一種就是建兩個server,80與443端口分開。

不過這樣代碼比較長,不利于維護,第二種,加一個判斷,比較簡單,寶塔需要手動修改,不能傻瓜設置!

我下面只貼主要代碼!

第一種


server
{
    listen 80;
    server_name www.zrmowm.tw aeink.com;
    index index.php index.html index.htm default.php default.htm default.html;
    root /www/wwwroot/www.zrmowm.tw;

    location / 
    {
        proxy_pass http://www.zrmowm.tw;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header REMOTE-HOST $remote_addr;
                
        #持久化連接相關配置
        #proxy_connect_timeout 30s;
        #proxy_read_timeout 86400s;
        #proxy_send_timeout 30s;
        #proxy_http_version 1.1;
        #proxy_set_header Upgrade $http_upgrade;
        #proxy_set_header Connection "upgrade";
        
        add_header X-Cache $upstream_cache_status;
        
        expires 12h;
    }

}
server
{
    listen 443 ssl http2;
    server_name www.zrmowm.tw aeink.com;
    index index.php index.html index.htm default.php default.htm default.html;
    root /www/wwwroot/www.zrmowm.tw;
    
    #SSL-START SSL相關配置,請勿刪除或修改下一行帶注釋的404規則
    #error_page 404/404.html;
    ssl_certificate    /etc/letsencrypt/live/www.zrmowm.tw/fullchain.pem;
    ssl_certificate_key    /etc/letsencrypt/live/www.zrmowm.tw/privkey.pem;
    ssl_protocols TLSv1.1 TLSv1.2;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;
    error_page 497  https://$host$request_uri;

    location / 
    {

        proxy_pass http://www.zrmowm.tw;

        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header REMOTE-HOST $remote_addr;
                
        #持久化連接相關配置
        #proxy_connect_timeout 30s;
        #proxy_read_timeout 86400s;
        #proxy_send_timeout 30s;
        #proxy_http_version 1.1;
        #proxy_set_header Upgrade $http_upgrade;
        #proxy_set_header Connection "upgrade";
        
        add_header X-Cache $upstream_cache_status;
        
        expires 12h;
    }
}


第二種

server
{
    listen 80;
    listen 443 ssl http2;
    server_name www.zrmowm.tw aeink.com;
    index index.php index.html index.htm default.php default.htm default.html;
    root /www/wwwroot/www.zrmowm.tw;

    location / 
    {
    	if ($server_port = 80){
			proxy_pass http://www.zrmowm.tw;
		}
    	if ($server_port = 443){
			proxy_pass http://www.zrmowm.tw;
		}
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header REMOTE-HOST $remote_addr;
                
        #持久化連接相關配置
        #proxy_connect_timeout 30s;
        #proxy_read_timeout 86400s;
        #proxy_send_timeout 30s;
        #proxy_http_version 1.1;
        #proxy_set_header Upgrade $http_upgrade;
        #proxy_set_header Connection "upgrade";
        
        add_header X-Cache $upstream_cache_status;
        
        expires 12h;
    }

}



轉載請注明出處 AE博客|墨淵 ? nginx反向代理http和https共同使用 雙存在

相關推薦

發表評論

路人甲

網友評論(0)