一个端口同时支持http 与https 协议

最新推荐文章于 2024-02-21 11:36:02 发布

永远少年1024

最新推荐文章于 2024-02-21 11:36:02 发布

阅读量929

点赞数

分类专栏：其他文章标签： ssl nginx https

本文链接：https://blog.csdn.net/ningxuezhu/article/details/129355765

版权

其他专栏收录该内容

11 篇文章 0 订阅

订阅专栏

该配置示例展示了如何使用Nginx在同一端口上同时处理HTTP和HTTPS协议。通过stream模块和map指令，根据SSL预读协议将流量路由到不同的上游服务器。在HTTP部分，配置了gzip压缩、SSL证书和代理设置，以实现安全且高效的服务器通信。

摘要由CSDN通过智能技术生成

一个端口同时支持http 与https 协议

# For more information on configuration, see:
#   * Official English Documentation: http://nginx.org/en/docs/
#   * Official Russian Documentation: http://nginx.org/ru/docs/



worker_processes  1;

events {
    worker_connections  1024;
}
stream {
    upstream http_gateway {
        server 127.0.0.1:9010;
    }
    upstream https_gateway {
        server 127.0.0.1:9011;
    }

    map $ssl_preread_protocol $upstream {
        default http_gateway;
        "TLSv1.3" https_gateway;
        "TLSv1.0" https_gateway;
        "TLSv1.1"  https_gateway;
        "TLSv1.2"  https_gateway;
    }
    server {
        listen 9001;
        proxy_pass $upstream;
        ssl_preread on;
    }
}

http {
    include       mime.types;
    client_max_body_size 2048M; 
    default_type  application/octet-stream;
    sendfile        on;
    keepalive_timeout  65;
	
	# 开启gzip压缩
	gzip on;
	# 不压缩临界值，大于1K的才压缩，一般不用改
	gzip_min_length 1k;
	# 压缩缓冲区
	gzip_buffers 16 64K;
	# 压缩版本（默认1.1，前端如果是squid2.5请使用1.0）
	gzip_http_version 1.1;
	# 压缩级别，1-10，数字越大压缩的越好，时间也越长
	gzip_comp_level 5;
	# 进行压缩的文件类型
	gzip_types text/plain application/x-javascript text/css application/xml application/javascript;
	# 跟Squid等缓存服务有关，on的话会在Header里增加"Vary: Accept-Encoding"
	gzip_vary on;
	# IE6对Gzip不怎么友好，不给它Gzip了
	gzip_disable "MSIE [1-6]\."; 
	server {
                access_log logs/host.access.log;
                error_log  logs/error.log;
       		listen       9010;
		listen       9011 ssl;
        	server_name  域名;
		charset utf-8;
		ssl_certificate /data/webapps/xiaoyuan/nginx/html/cert.pem;
        	ssl_certificate_key /data/webapps/xiaoyuan/nginx/html/cert.key  ;
        	ssl_session_timeout 5m;
        	ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        	ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
        	ssl_prefer_server_ciphers on;
		location / {
                        proxy_set_header X-Forwarded-Proto $scheme;
            		root   /data/webapps/xiaoyuan/nginx/html/dist/;
			try_files $uri $uri/ /index.html;
            		index  index.html index.htm;
        	 }
               
	        location /.well-known/ {
                        root /data/webapps/xiaoyuan/nginx/html/well-known/;
                        add_header Content-Type text/plain;
                }

               location ^~ /dev-api/{
               		rewrite ^/dev-api(.*)$ $1 break;
               		proxy_pass http://localhost:9082;
                	proxy_set_header Host $host;
                	proxy_set_header X-Real-IP $remote_addr;
                	proxy_set_header REMOTE-HOST $remote_addr;
                	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
              }

       	      error_page   500 502 503 504  /50x.html;
       	      location = /50x.html {
            		root   html;
       	     }
        }
  
}
# Settings for a TLS enabled server.
#
#    server {
#        listen       443 ssl http2;
#        listen       [::]:443 ssl http2;
#        server_name  _;
#        root         /usr/share/nginx/html;
#
#        ssl_certificate "/etc/pki/nginx/server.crt";
#        ssl_certificate_key "/etc/pki/nginx/private/server.key";
#        ssl_session_cache shared:SSL:1m;
#        ssl_session_timeout  10m;
#        ssl_ciphers HIGH:!aNULL:!MD5;
#        ssl_prefer_server_ciphers on;
#
#        # Load configuration files for the default server block.
#        include /etc/nginx/default.d/*.conf;
#
#        error_page 404 /404.html;
#            location = /40x.html {
#        }
#
#        error_page 500 502 503 504 /50x.html;
#            location = /50x.html {
#        }
#    }