nginx 配置 https 不成功呢？

V2EX = way to explore

V2EX 是一个关于分享和探索的地方

For Existing Member Sign In

• 请不要在回答技术问题时复制粘贴 AI 生成的内容

This topic created in 2910 days ago, the information mentioned may be changed or developed.

server {
        listen       80;
        #listen       [::]:4000 default_server;
        server_name  www.xxx.com xxx.com;
        #root         /usr/share/nginx/html;
        #root         /home/kkfor/koa-blog/admin/dist;
        # Load configuration files for the default server block.
        include /etc/nginx/default.d/*.conf;
        #rewrite ^(.*) https://$host$1 permanent;
        ssl on;
        ssl_certificate 1_xxx.com_bundle.crt;
        ssl_certificate_key 2_xxx.com.key;
        ssl_session_timeout 5m;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2; #按照这个协议配置
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;#按照>这个套件配置
        ssl_prefer_server_ciphers on;
        location / {
            proxy_pass          http://127.0.0.1:3000;
            proxy_set_header    Host $host;
            proxy_set_header    X-Real-IP $remote_addr;
            proxy_set_header    X-Forwarded-For $proxy_add_x_forwarded_for;
            #proxy_set_header    X-Forwarded-Proto  $scheme;
            #proxy_redirect      off;
            #proxy_http_version  1.1;
            #proxy_set_header    Upgrade     $http_upgrade;
            #proxy_set_header    Connection  $connection_upgrade;
            try_files $uri $uri/ /index.html last;
            index index.html;
        }

17 replies • 2018-05-12 17:41:05 +08:00

secretman

May 12, 2018 via iPhone

80 ？？？

Junghh

May 12, 2018

没 listen 443 腾讯云 SSL 证书？
可以看看我以前的示例 https://junghh.oss-cn-shanghai.aliyuncs.com/miji/conf%E7%A4%BA%E4%BE%8B.txt
或我自己记录的 HTTPS 步骤 https://onepi.cc/web1/

letitbesqzr

May 12, 2018

报错呢，错误信息错误截图呢，啥都没，谁知道你报的啥错啊。监听 80 也是可以的 https://xxx.com:80 这样访问。

hacklele

May 12, 2018

<img src="https://s1.ax1x.com/2018/05/12/CBnj41.png" alt="CBnj41.png" border="0" />

给你参考下我的~

hacklele

May 12, 2018

Keyblade

May 12, 2018

@hacklele #5 帮你
https://s1.ax1x.com/2018/05/12/CBnj41.png
直接贴图片地址就行了

Keyblade

May 12, 2018

@hacklele #5

尴尬了不小心贴错了（。

yantianqi

May 12, 2018

listen 443 后 https 成功
开启这个后 rewrite ^(.*) https://$host$1 permanent;
网页提示多次重定向，打不开。

Servo

May 12, 2018

@yantianqi 取消注释“ proxy_set_header X-Forwarded-Proto $scheme; ”试试

henryshen233

May 12, 2018 via iPhone

Listen [Port] ssl;
比如
Listen 8080 ssl;

580a388da131

May 12, 2018

@yantianqi 这个规则得先判断是不是 http。你这 80、443 合在一起写的情况不判断会无限循环重定向。

BFDZ

May 12, 2018 via Android

配置文件里写两个 server，第一个 server 只监听 443,第二 server 只监听 80,做 301 调整到 https

Hardrain

May 12, 2018

listen 80 和 listen 443 ssl ( http2)要放在两个不同的 server{}里

你这样子即便已经通过 https(443)访问，nginx 还是会发重定向，而且是重定向到当前访问的 url
浏览器当然会报重定向循环

Stlin

May 12, 2018

https 你用 80 端口？

caola

May 12, 2018

@yantianqi 你可以参考这样的配置 https://www.v2ex.com/t/286552#r_3285670

caola

May 12, 2018

@BFDZ 端口 80 和 443，可以不用分开写两个 server，可以参考上面 [/t/286552#r_3285670](/t/286552#r_3285670)

singer

PRO

May 12, 2018 via iPhone

@yantianqi #8 如果你要把两个端口监听放在一个 server 里写，你就要在 ssl on 之前对协议进行判断，如果是 http，就 301 到 https。参考下面的代码

if ($ssl_protocol = "") { return 301 https://$host$request_uri; }