How to redirect on the same port from http to http

2019-02-01 04:47发布

站内问答 / 后端开发
1661 4 5

I use reverse proxy with Nginx and I want to force the request into HTTPS, so if a user wants to access the url with http, he will be automatically redirected to HTTPS.

I'm also using a non-standard port.

Here is my nginx reverse proxy config: 

server {
    listen 8001  ssl;
    ssl_certificate /home/xxx/server.crt;
    ssl_certificate_key /home/xxx/server.key;
    location / {
        proxy_pass https://localhost:8000;
        proxy_redirect off;
        proxy_set_header Host $host:$server_port;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Ssl on;
        proxy_set_header  X-Forwarded-Proto  https;
    }
}

I've tried many things and also read posts about it, including this serverfault question, but nothing has worked so far.

4条回答
劳资没心,怎么记你
2楼-- · 2019-02-01 05:30

Are you sure your solution is working? It is listening for 8001 ssl. Will it accept http request?

I do it this way:

server {
    listen   80;
    server_name  yourhostname.com;

    location / {
            rewrite ^(.*) https://yourhostname.com:8001$1 permanent;
    }
}

Then goes your config:

server {
    listen 8001  ssl;
    ssl_certificate /home/xxx/server.crt;
    ssl_certificate_key /home/xxx/server.key;
    location / {
        proxy_pass https://localhost:8000;
        proxy_redirect off;
        proxy_set_header Host $host:$server_port;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Ssl on;
        proxy_set_header  X-Forwarded-Proto  https;
    }
}
查看更多
0人赞 添加讨论(0) 举报
虎瘦雄心在
3楼-- · 2019-02-01 05:36

You can

  1. use $server_name to avoid hard coding your domain name again (DRY),
  2. use return 301 for a bit easier reading (a web dev should know this http status code)

Note: I put 443 for https server. You may listen to 8001 if you really want that.

server {
    listen   80;
    server_name  your_hostname.com;

    return 301 https://$server_name$request_uri;
}
...
server {
    listen 443 ssl;
    server_name your_hostname.com
    ...
}
查看更多
0人赞 添加讨论(0) 举报
Luminary・发光体
4楼-- · 2019-02-01 05:38

Found something that is working well : 

server {
        listen 8001  ssl;
        ssl_certificate /home/xxx/server.crt;
        ssl_certificate_key /home/xxx/server.key;
        error_page 497  https://$host:$server_port$request_uri;
        location /{
            proxy_pass http://localhost:8000;
            proxy_redirect off;
            proxy_set_header Host $host:$server_port;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Ssl on;
        }
}
查看更多
0人赞 添加讨论(0) 举报
乱世女痞
5楼-- · 2019-02-01 05:40

This worked for me:

server {
listen       80;
server_name  localhost;
...
if ($http_x_forwarded_proto = "http") {
      return 301 https://$server_name$request_uri;
}
location / {
    proxy_set_header X-Forwarded-Host $host;
    proxy_set_header X-Forwarded-Server $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_pass http://localhost:8080;
}

...
}
查看更多
0人赞 添加讨论(0) 举报
登录 后发表回答
相关问题
查看全部
相关文章
查看全部
收藏的人(5)