Notes on several requirements and methods for configuring HTTP-to-HTTPS redirects in nginx

Published: 2023-11-07 14:25:39 Author: 叮伱格斐呃

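Tested with nginx-1.23.2.

(Port 80 was already in use, so port 81 is used for testing instead.)

Requirement 1: nginx listens on ports 443 and 81; the site can be reached over HTTP on port 81 and also over HTTPS.

The nginx configuration is as follows: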

    server {
        listen       81;
        listen       443 ssl;
        server_name  xx.com.cn 192.168.3.1 127.0.0.1;

        ssl_certificate      server.pem;  # certificate is in the same directory as the configuration file
        ssl_certificate_key  server.key;
        ssl_session_timeout  5m;
        # TLSv1 and TLSv1.1 are deprecated (RFC 8996); keep them only if legacy clients require them
        ssl_protocols  TLSv1 TLSv1.1 TLSv1.2;
        #ssl_ciphers  HIGH:!RC4:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!EXP:+MEDIUM;
        ssl_ciphers  ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!3DES:!ADH:!RC4:!DH:!DHE;
        ssl_prefer_server_ciphers   on;

        # ... (rest of the server block omitted)
    }

Access test:

http://xx.com.cn:81/
https://xx.com.cn/

 

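Requirement 2: nginx listens on ports 443 and 81; requests to port 81 are forcibly redirected to HTTPS.

There are two ways to configure this.

Method 1: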

    server {
        listen       81;
        server_name  xx.com.cn 192.168.3.1 127.0.0.1;
        # $request_uri already begins with "/", so no extra "/" is placed before it
        return       301 https://$server_name$request_uri;
    }

    server {
        listen       443 ssl;
        server_name  xx.com.cn 192.168.3.1 127.0.0.1;

        ssl_certificate      server.pem;  # certificate is in the same directory as the configuration file
        ssl_certificate_key  server.key;
        ssl_session_timeout  5m;
        ssl_protocols  TLSv1 TLSv1.1 TLSv1.2;
        #ssl_ciphers  HIGH:!RC4:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!EXP:+MEDIUM;
        ssl_ciphers  ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!3DES:!ADH:!RC4:!DH:!DHE;
        ssl_prefer_server_ciphers   on;

        # ... (rest of the server block omitted)
    }

 

Method 2:

    server {
        listen       81;
        server_name  xx.com.cn 192.168.3.1 127.0.0.1;
        # the query string is appended to the rewritten URL automatically
        rewrite ^/(.*) https://$server_name/$1 permanent;
    }

    server {
        listen       443 ssl;
        server_name  xx.com.cn 192.168.3.1 127.0.0.1;

        ssl_certificate      server.pem;  # certificate is in the same directory as the configuration file
        ssl_certificate_key  server.key;
        ssl_session_timeout  5m;
        ssl_protocols  TLSv1 TLSv1.1 TLSv1.2;
        #ssl_ciphers  HIGH:!RC4:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!EXP:+MEDIUM;
        ssl_ciphers  ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!3DES:!ADH:!RC4:!DH:!DHE;
        ssl_prefer_server_ciphers   on;

        # ... (rest of the server block omitted)
    }

 

How to access:

http://xx.com.cn:81/   --> forcibly redirected to the HTTPS URL below
https://xx.com.cn/

 

Requirement 3: nginx does not use port 443; HTTPS is served on port 8443 and HTTP on port 81.

    server {
        listen       81;
        listen       8443 ssl;
        server_name  xx.com.cn 192.168.3.1 127.0.0.1;

        ssl_certificate      server.pem;  # certificate is in the same directory as the configuration file
        ssl_certificate_key  server.key;
        ssl_session_timeout  5m;
        ssl_protocols  TLSv1 TLSv1.1 TLSv1.2;
        #ssl_ciphers  HIGH:!RC4:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!EXP:+MEDIUM;
        ssl_ciphers  ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!3DES:!ADH:!RC4:!DH:!DHE;
        ssl_prefer_server_ciphers   on;

        # ... (rest of the server block omitted)
    }

 

Access test:

http://mfa.vgtech.com.cn:81/
https://mfa.vgtech.com.cn:8443/

 

Requirement 4: nginx does not use port 443; HTTP requests to port 81 are forcibly redirected to HTTPS on port 8443.

Again, there are two ways.

Method 1:

    server {
        listen       81;
        server_name  xx.com.cn 192.168.3.1 127.0.0.1;
        # $request_uri already begins with "/", so no extra "/" is placed before it
        return       301 https://$server_name:8443$request_uri;
    }

    server {
        listen       8443 ssl;
        server_name  xx.com.cn 192.168.3.1 127.0.0.1;

        ssl_certificate      server.pem;  # certificate is in the same directory as the configuration file
        ssl_certificate_key  server.key;
        ssl_session_timeout  5m;
        ssl_protocols  TLSv1 TLSv1.1 TLSv1.2;
        #ssl_ciphers  HIGH:!RC4:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!EXP:+MEDIUM;
        ssl_ciphers  ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!3DES:!ADH:!RC4:!DH:!DHE;
        ssl_prefer_server_ciphers   on;

        # ... (rest of the server block omitted)
    }

 

Method 2:

    server {
        listen       81;
        server_name  xx.com.cn 192.168.3.1 127.0.0.1;
        rewrite ^/(.*) https://$server_name:8443/$1 permanent;
    }

    server {
        # must listen on 8443, the port the redirect above points to
        listen       8443 ssl;
        server_name  xx.com.cn 192.168.3.1 127.0.0.1;

        ssl_certificate      server.pem;  # certificate is in the same directory as the configuration file
        ssl_certificate_key  server.key;
        ssl_session_timeout  5m;
        ssl_protocols  TLSv1 TLSv1.1 TLSv1.2;
        #ssl_ciphers  HIGH:!RC4:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!EXP:+MEDIUM;
        ssl_ciphers  ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!3DES:!ADH:!RC4:!DH:!DHE;
        ssl_prefer_server_ciphers   on;

        # ... (rest of the server block omitted)
    }

 

 

Requirement 5: nginx opens only one port, 8443; HTTP requests must be forcibly redirected to HTTPS on 8443.

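    server {
        listen       8443 ssl;
        server_name  xx.com.cn 192.168.3.1 127.0.0.1;

        ssl_certificate      server.pem;  # certificate is in the same directory as the configuration file
        ssl_certificate_key  server.key;
        ssl_session_timeout  5m;
        ssl_protocols  TLSv1 TLSv1.1 TLSv1.2;
        #ssl_ciphers  HIGH:!RC4:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!EXP:+MEDIUM;
        ssl_ciphers  ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!3DES:!ADH:!RC4:!DH:!DHE;
        ssl_prefer_server_ciphers   on;
        # 497 is nginx's internal status for a plain HTTP request sent to an SSL port.
        # "=301" sets the response code; without "=", 301 is read as one more status
        # to intercept and the redirect is sent with the default 302.
        error_page 497 =301 https://$http_host$request_uri;

        # ... (rest of the server block omitted)
    }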

 

Access test:

mfa.vgtech.com.cn:8443
https://mfa.vgtech.com.cn:8443
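
A hardened variant of the Requirement 5 configuration, added here as an example (it is not the author's configuration). It assumes the single host name xx.com.cn and the server.pem/server.key files used above, and an nginx built against OpenSSL 1.1.1 or later so that TLSv1.3 is available; the location block is a placeholder.

```nginx
server {
    listen       8443 ssl;
    server_name  xx.com.cn;

    ssl_certificate      server.pem;
    ssl_certificate_key  server.key;
    ssl_session_timeout  5m;

    # Offer only TLS 1.2 and 1.3; TLS 1.0 and 1.1 are deprecated (RFC 8996).
    ssl_protocols  TLSv1.2 TLSv1.3;
    # AEAD suites with forward secrecy for TLS 1.2 clients
    # (this directive does not select the TLS 1.3 suites).
    ssl_ciphers    ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384;
    ssl_prefer_server_ciphers  on;

    # Plain HTTP on the TLS port raises the internal status 497.
    # $server_name and $server_port are taken from this configuration, so the
    # Location header is always https://xx.com.cn:8443/... and never echoes a
    # Host header chosen by the client, as $http_host would.
    error_page 497 =301 https://$server_name:$server_port$request_uri;

    # HSTS: browsers that have seen this header upgrade later http:// URLs for
    # this host themselves. An explicit non-default port is kept (RFC 6797),
    # so http://xx.com.cn:8443/ becomes https://xx.com.cn:8443/.
    add_header Strict-Transport-Security "max-age=31536000" always;

    # Placeholder content location (assumption, not from the page).
    location / {
        root   html;
        index  index.html;
    }
}
```

HSTS applies to the host name on every port, so enabling it together with the plain-HTTP listener on port 81 from the earlier requirements makes browsers request https://xx.com.cn:81/, which that listener cannot answer.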