因此,我有一个正在运行的应用程序,由于遗留原因,必须保持其带有尾随端口号的旧 URL 正常运行。
所以我有一个类似这样的配置:
server {
listen 443 ssl;
listen 8080 ssl;
server_name myurl.com;
ssl on;
ssl_certificate /etc/nginx/conf.d/certfile.pem;
ssl_certificate_key /etc/nginx/conf.d/keyfile.key;
ssl_session_timeout 5m;
ssl_session_cache shared:SSL:10m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
proxy_pass http://127.0.0.1:7990;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Location $host:443;
proxy_redirect off;
}
}
除了某些 AJAX 请求myurl.com:8080会抛出 CRSF 错误之外,它运行正常。我想让当用户连接 8080 端口时,nginx 会自动将其重写为 443。这可以做到吗?我尝试添加各种标头,但似乎都没有奏效。
也尝试做过 return 301 https://$server_name:443$request_uri;但是 nginx 确实不喜欢。
答案1
您可以将服务器块分成两个,每个端口一个。将通用配置移到外部块(如果这些是您仅有的服务器块)或使用指令包含通用配置include。
例如:
ssl_certificate /etc/nginx/conf.d/certfile.pem;
ssl_certificate_key /etc/nginx/conf.d/keyfile.key;
ssl_session_timeout 5m;
ssl_session_cache shared:SSL:10m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
server {
listen 8080 ssl;
server_name myurl.com;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl;
server_name myurl.com;
location / { ... }
}
如果端口为 ,则该return指令不需要指定端口。如果坚持要添加端口,请尝试添加语句。https443nginx8080port_in_redirect off;