nginx
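For a project with a separated front end and back end, if the front end is accessed over HTTPS, the back end must also accept HTTPS. Otherwise a 400 error occurs.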
server {
    # TLS listener; plain-HTTP requests sent to this port trigger error 497
    listen 8888 ssl;
    server_name localhost;
    ssl_certificate /usr/local/nginx/ssl/nginx.pem;
    ssl_certificate_key /usr/local/nginx/ssl/nginx.key;
    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout 5m;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;
    # Redirect plain-HTTP requests (497) to HTTPS
    error_page 497 301 https://$http_host$request_uri;
    location / {
        # tomcatserver is an upstream (or resolvable host name) defined elsewhere
        proxy_pass http://tomcatserver/;
        client_max_body_size 500m;
        proxy_connect_timeout 300;
        proxy_http_version 1.1;
        proxy_send_timeout 300;
        proxy_read_timeout 300;
        # Pass the original Host header and client address to the backend
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Real-Port $remote_port;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # Rewrite http:// redirects issued by the backend to https://
        proxy_redirect http:// https://;
    }
}
1. Rewrite all HTTP requests to HTTPS with rewrite:
rewrite ^(.*)$ https://$host$1 permanent;
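2. Force HTTP requests to go over HTTPS as well
With the configuration in place, HTTPS access works normally, but HTTP access fails with the following error: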
400 Bad Request
The plain HTTP request was sent to HTTPS port
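This happens because the site only allows HTTPS: when it is accessed over plain HTTP, nginx raises error code 497. Add the following configuration to force HTTP requests over to HTTPS:
# Use the error_page directive to redirect requests with status 497 301 to the domain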
error_page 497 301 https://$http_host$request_uri;
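
Both redirects from the steps above as complete server blocks, added here as an example and not part of the original note. The port-80 listener and the name example.com are assumptions; the 497 handler is written with `=301` and `$host:$server_port`, since `$host` carries no port and this site listens on 8888.

```nginx
# Added example. Assumed: server_name example.com and a plain-HTTP listener
# on port 80; certificate paths and the "tomcatserver" upstream are the note's.

# Plain HTTP on port 80: send every request to the HTTPS listener on 8888.
server {
    listen 80;
    server_name example.com;
    # $host has no port, so the non-default HTTPS port is written out.
    return 301 https://$host:8888$request_uri;
}

server {
    listen 8888 ssl;
    server_name example.com;

    ssl_certificate     /usr/local/nginx/ssl/nginx.pem;
    ssl_certificate_key /usr/local/nginx/ssl/nginx.key;

    # A plain-HTTP request that reaches this TLS port raises 497.
    # "=301" sets the status of the redirect sent to the client, and
    # $server_port keeps the client on 8888 after the redirect.
    error_page 497 =301 https://$host:$server_port$request_uri;

    location / {
        proxy_pass http://tomcatserver/;
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # Rewrite http:// Location headers from the backend to https://
        proxy_redirect http:// https://;
    }
}
```

Check the syntax with `nginx -t` before reloading.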