国产av日韩一区二区三区精品,成人性爱视频在线观看,国产,欧美,日韩,一区,www.成色av久久成人,2222eeee成人天堂

Community

Learn

Tools Library

AI Tools

Leisure

English

Nginx HTTP redirect to HTTPS

天蓬老師 2017-05-16 17:14:12

790

The entire site uses HTTPS, and only port 443 is open. However, it will be inaccessible when using http request, and the https protocol header must be added manually.

Is there any way to redirect http requests on port 80 to 443 to use https?

天蓬老師

歡迎選擇我的課程，讓我們一起見證您的進步~~

reply all(3)

僅有的幸福2017-05-16 17:16:12 3 floor

If you don’t have nginx, install it. If you want to enable http2, the version must be above 1.90, then configure port 443 first, and finally forward the http 80 port request to 443. For complete configuration, please refer to the configuration of my blog below:

#設(shè)置非安全連接永久跳轉(zhuǎn)到安全連接
server{
    listen 80;
    server_name m2mbob.cn;
    #告訴瀏覽器有效期內(nèi)只準(zhǔn)用 https 訪問
    add_header Strict-Transport-Security max-age=15768000;
    #永久重定向到 https 站點
    return 301 https://$server_name$request_uri;
}

server {
    #啟用 https, 使用 http/2 協(xié)議, nginx 1.9.11 啟用 http/2 會有bug, 已在 1.9.12 版本中修復(fù).
    listen 443 ssl http2 fastopen=3 reuseport;
    server_name m2mbob.cn www.m2mbob.cn;
    #告訴瀏覽器不要猜測mime類型
    add_header X-Content-Type-Options nosniff;

    ssl on;
    #證書路徑
    ssl_certificate 證書路徑;
    #私鑰路徑
    ssl_certificate_key 私鑰路徑;
    #安全鏈接可選的加密協(xié)議
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    #可選的加密算法,順序很重要,越靠前的優(yōu)先級越高.
    ssl_ciphers 'CHACHA20:EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH:ECDHE-RSA-AES128-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA128:DHE-RSA-AES128-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA128:ECDHE-RSA-AES128-SHA384:ECDHE-RSA-AES128-SHA128:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA128:DHE-RSA-AES128-SHA128:DHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA384:AES128-GCM-SHA128:AES128-SHA128:AES128-SHA128:AES128-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4;';
    #在 SSLv3 或 TLSv1 握手過程一般使用客戶端的首選算法,如果啟用下面的配置,則會使用服務(wù)器端的首選算法.
    ssl_prefer_server_ciphers on;
    #儲存SSL會話的緩存類型和大小
    ssl_session_cache shared:SSL:10m;
    #緩存有效期
    ssl_session_timeout 60m;

    location / {
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header   Host      $http_host;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass         http://127.0.0.1:2368;
    }
}

Like +0

Add Reply

給我你的懷抱2017-05-16 17:16:12 2 floor

The first plan>

    配置2個監(jiān)聽文件,一個80端口負(fù)責(zé)http,一個443端口負(fù)責(zé)https

Second plan>

server {
            listen 80 default;
            listen 443 ssl;
            server_name test.com;
            root /var/www/html;
            ssl_certificate /usr/local/Tengine/sslcrt/test.com.crt;
            ssl_certificate_key /usr/local/Tengine/sslcrt/test.com.key;
        }

Like +0

Add Reply