问下这种情况下nginx如何配置呢?

情况是这样的,我有个域名,指向一个公网服务器,然后我给这个域名申请了ssl证书,然后我客户服务器是一个对外ip加端口能访问
如我域名是 test.com
然后客户服务器访问80端口是通过123.56.12.999:8989
然后我做了一个转发

server {
        listen 443 ssl http2;
        server_name test.com;

        ssl_certificate  "test.com.crt";
        ssl_certificate_key "test.com.key";
        location / {
                proxy_pass http://123.56.12.999:8989;
                proxy_redirect off;
                proxy_set_header X-Forwarded-Proto $scheme;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header Host $host;
                proxy_http_version 1.1;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection "Upgrade";
                server_tokens off;
        }
}

就是我用的是https访问,但是前端获取到的是http,不知为什么?

《L03 构架 API 服务器》
你将学到如 RESTFul 设计风格、PostMan 的使用、OAuth 流程,JWT 概念及使用 和 API 开发相关的进阶知识。
《G01 Go 实战入门》
从零开始带你一步步开发一个 Go 博客项目,让你在最短的时间内学会使用 Go 进行编码。项目结构很大程度上参考了 Laravel。
最佳答案

给你参考

server { listen 80; server_name www.xxxx.com

return 301 https://$server_name$request_uri;

}

server { listen 443 ssl; server_name www.xxx.com;

ssl_certificate  /etc/nginx/www.xxx.pem;
ssl_certificate_key /etc/nginx/www.xxxx.key;

location / {
    proxy_pass http://127.0.0.1:8488;    //转发的端口
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;

    # Additional SSL configurations if needed
    # ssl_protocols TLSv1.2 TLSv1.3;
    # ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384';
    # ssl_prefer_server_ciphers on;
    # ssl_session_cache shared:SSL:10m;
    # ssl_session_timeout 10m;
}

}

1个月前 评论
讨论数量: 3

给你参考

server { listen 80; server_name www.xxxx.com

return 301 https://$server_name$request_uri;

}

server { listen 443 ssl; server_name www.xxx.com;

ssl_certificate  /etc/nginx/www.xxx.pem;
ssl_certificate_key /etc/nginx/www.xxxx.key;

location / {
    proxy_pass http://127.0.0.1:8488;    //转发的端口
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;

    # Additional SSL configurations if needed
    # ssl_protocols TLSv1.2 TLSv1.3;
    # ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384';
    # ssl_prefer_server_ciphers on;
    # ssl_session_cache shared:SSL:10m;
    # ssl_session_timeout 10m;
}

}

1个月前 评论
sanders

可能我理解的有偏差,前端想用什么协议访问,原则上服务端控制不了。服务端只能接受或拒绝,不如看看前端代码是不是写死的 http 协议部分。还有种方式是将 80 端口的请求进行重定向到 443 端口,但不太推荐这种做法。

1个月前 评论

“前端获取的是http” 啥意思,配置参考 cloud.tencent.com/document/product...

listen 80;
listen 443 ssl http2;
server_name x.com;

ssl_certificate x_bundle.crt;
ssl_certificate_key x.com.key;
ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
error_page 497  https://$host$request_uri;
1个月前 评论

讨论应以学习和精进为目的。请勿发布不友善或者负能量的内容,与人为善,比聪明更重要!