如何配置Nginx将HTTP 80流量重定向到https 8443端口

时间:2019-03-17 15:54:02

标签: spring-boot nginx

我有一个Springboot应用程序在端口8443上的云计算机中运行。在同一台计算机上,我有一个Nginx服务器。

今天我访问了https://www.example.com,它可以正常工作,但是如果我输入www.example.com并尝试访问它,则不会重定向到https://www.example.com

换句话说,所有http 80流量都应重定向到https 8443

这是我的配置(Springboot应用程序+ Nginx)

Springboot application.properties

server.port=8443
security.require-ssl=true
server.ssl.key-store=/etc/letsencrypt/live/www.example.com/keystore.p12
server.ssl.key-store-password=www.example.com
server.ssl.keyStoreType=PKCS12
server.ssl.keyAlias=myAlias

Nginx /etc/nginx/nginx.conf

pid /run/nginx.pid;

events {
    worker_connections 768;
}

http {

    log_format formatWithUpstreamLogging '[$time_local] $remote_addr - $remote_user - $server_name to: $upstream_addr: $request';

    #main log format
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                               '$status $body_bytes_sent "$http_referer" '
                               '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log main;
    error_log   /var/log/nginx/error.log;

    server {

        listen 80;

        server_name www.example.com example.com;

        ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
        ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;

        # managed by Certbot
        location / {
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header Host $host;
                proxy_set_header X-NginX-Proxy true;
                proxy_pass https://localhost:8443/;
                proxy_redirect http://localhost:8443/ https://localhost:8443/;
       }

    }

}

有人可以帮我吗?

预先感谢

1 个答案:

答案 0 :(得分:0)

我认为您应该做的是将重定向服务器设置为https,然后为主服务器添加ssl(以防万一出问题,创建Nginx配置文件的备份):

Nginx /etc/nginx/nginx.conf 中:

pid /run/nginx.pid;

events {
    worker_connections 768;
}

http {

    log_format formatWithUpstreamLogging '[$time_local] $remote_addr - $remote_user - $server_name to: $upstream_addr: $request';

    #main log format
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                               '$status $body_bytes_sent "$http_referer" '
                               '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log main;
    error_log   /var/log/nginx/error.log;

    server {
        listen 80 default_server;
        server_name www.example.com example.com;
        return 301 https://$server_name$request_uri;
    }

    server {
        listen 8443 ssl default_server;
        server_name www.example.com example.com;

        ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
        ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;

        # managed by Certbot
        location / {
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header Host $host;
                proxy_set_header X-NginX-Proxy true;
                proxy_pass https://localhost:8443/;
                proxy_redirect http://localhost:8443/ https://localhost:8443/;
       }

    }

}