Nginx 解决访问http自动https的问题

根据项目需求,需要在nginx上开启SSL配置证书,https访问域名然后访问后端的http tomcat程序。需要设置http 80强制跳转https。

80配置添加

rewrite ^(.*)$ https://${server_name}$1 permanent;

完整配置信息如下 

 server {
        listen       80;
        server_name  abc.111.com;
		
		# force redirect http to https
		
		rewrite ^(.*)$ https://${server_name}$1 permanent;
		

        #access_log  logs/host.access.log  main;
				
        location / {
            root   html;
            index  index.html index.htm;
        }

        #error_page  404              /404.html;

        # redirect server error pages to the static page /50x.html
        #
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }

    }

443 SSL配置

在location或者server里面添加

proxy_redirect http:// $scheme://;

完整配置信息如下 

server {
		listen 443 ssl;
		server_name abc.111.com;
		root html;
		index index.html index.htm;
		
		ssl_certificate C:/nginx/cert/server.crt;
		ssl_certificate_key C:/nginx/cert/server.key;
		ssl_session_timeout 30m;
		
		# intermediate configuration
		ssl_protocols TLSv1.2 TLSv1.3;
		ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305;
		ssl_prefer_server_ciphers off;
		
		client_max_body_size 100m;
		
		proxy_set_header  X-Real-IP  $remote_addr;
		proxy_set_header Host $host;
		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;	
		# HTTP Force Jump to HTTPS
		proxy_redirect http:// $scheme://;

		# To resolve nginx 504 issue
		proxy_connect_timeout 600;
		proxy_send_timeout 600;
		proxy_read_timeout 600;

		# SVN Server
		location /app {
			proxy_pass http://127.0.0.1:8888;
        }
}

你可能感兴趣的:(Nginx,http,nginx,https)