Nginx http到http重定向400普通HTTP请求被发送到HTTPS端口

t1rydlwq  于 2022-11-21  发布在  Nginx
关注(0)|答案(1)|浏览(244)

我有一个在端口http://app1.internal.example.com:8080的http和端口https://app1.internal.example.com:8443的https上公开的应用程序
所以我有80和443nginx服务器块来帮助重定向来自http端口的请求到应用程序的https端口

$ curl http://app1.internal.example.com:8080

<html>
<head><title>400 The plain HTTP request was sent to HTTPS port</title></head>
<body>
<center><h1>400 Bad Request</h1></center>
<center>The plain HTTP request was sent to HTTPS port</center>
</body>
</html>

$ curl -IL http://app1.internal.example.com:8080

HTTP/1.1 400 Bad Request
Date: Wed, 09 Nov 2022 00:39:30 GMT
Content-Type: text/html
Content-Length: 220
Connection: close

这里是https端口上的curl,它返回200

$ curl -IL https://app1.internal.example.com:8443

HTTP/1.1 200 OK
Date: Wed, 09 Nov 2022 00:38:00 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 1274335
Connection: keep-alive
Keep-Alive: timeout=20
Vary: Accept-Encoding

下面是我的nginx服务器块的http到https重定向
我如何修复这个错误,使curl可以在http请求中返回200

server {
    listen 80;
    listen [::]:80;

    server_name app1.internal.example.com;

    return 301 https://app1.internal.example.com:8443$request_uri;
}

server {
    listen 443 ssl;
    listen [::]:443 ssl;

    server_name app1.internal.example.com;

    location ^~ / {
        proxy_pass http://localhost:5000;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $host;
        proxy_redirect off;
    }
}
qv7cva1a

qv7cva1a1#

问题已修复,发生了另一个配置文件具有端口80侦听SSL导致的错误

server {
    listen 80 ssl;
    listen [::]:80 ssl;

    server_name another-app1.internal.example.com;

    return 301 https://another-app1.internal.example.com:8443$request_uri;
}

server {
    listen 443 ssl;
    listen [::]:443 ssl;

    server_name another-app1.internal.example.com;

    location ^~ / {
        proxy_pass http://localhost:5000;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $host;
        proxy_redirect off;
    }
}

所以我只需要从端口80中删除SSL,现在一切似乎都很好
下面是没有ssl的http块应该是什么样子,一些旧的nginx可能是ssl on;,你必须从端口80或http端口删除它。检查整个配置文件,确保没有遗漏任何一个,你应该没问题

server {
    listen 80;
    listen [::]:80;

    server_name another-app1.internal.example.com;

    return 301 https://another-app1.internal.example.com:8443$request_uri;
}

...
...

相关问题