[英]Docker nginx can't use http and https at the same time
I am using the latest docker nginx. 我正在使用最新的docker nginx。 I want to use both http and https to access my website. 我想同时使用http和https来访问我的网站。 This is my nginx config so far: 到目前为止,这是我的nginx配置:
upstream backends {
server app:8080;
}
server {
listen 80;
listen 443 ssl;
server_name example.com;
# SSL
# ssl on;
ssl_certificate /etc/ssl/certs/214577452530751.pem;
ssl_certificate_key /etc/ssl/certs/214577452530751.key;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
#proxy to webs
location ~.*/ {
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://backends;
}
}
But When I accessed my server, just the http is valid. 但是当我访问服务器时,只有http有效。 And for the https, nginx will gives a binary logs: 对于https,nginx将给出一个二进制日志:
nginx | 120.236.174.140 - - [06/Apr/2018:19:04:40 +0000] "\x16\x03\x01\x00\xC3\x01\x00\x00\xBF\x03\x03T\xF7v\x15gk\x04\xE2\xC5\xB3\x8B\x10\xAA\xE0\x1C\xA4[\xCE\x01z\xCC\x81\x19\x93\xC6\x11T5\x02\xD7$7\x00\x00\x1CZZ\xC0+\xC0/\xC0,\xC00\xCC\xA9\xCC\xA8\xC0\x13\xC0\x14\x00\x9C\x00\x9D\x00/\x005\x00" 400 174 "-" "-" "-"
And the curl
as follow: 和curl
如下:
kangbb@udo:~$ curl -L https://example.com
curl: (35) gnutls_handshake() failed: An unexpected TLS packet was received.
Where I had written fault? 我在哪里写错了? Can anyone give me some adivce? 有人可以给我一些地方吗? Thank you very much! 非常感谢你!
You have to seperate them out. 您必须将它们分开。 There's a bunch of SSL stuff going on with a supposedly HTTP connection. 所谓的HTTP连接中包含大量SSL内容。 Uncomment ssl on;
取消注释ssl on;
in the one with port 443. Create another server that listens on port 80. 在带有端口443的服务器中。创建另一个在端口80上侦听的服务器。
upstream backends {
server app:8080;
}
server {
listen 443 ssl;
server_name example.com;
# SSL
ssl on;
ssl_certificate /etc/ssl/certs/214577452530751.pem;
ssl_certificate_key /etc/ssl/certs/214577452530751.key;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
#proxy to webs
location / {
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://backends;
}
}
server {
listen 80;
server_name example.com;
location / {
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://backends;
}
}
For docker niginx, it will give you two ports, 80 and 443. If you want to use it for http, bind 80; 对于docker niginx,它将为您提供两个端口80和443。 If you want to use it for https, bind 443. 如果要将其用于https,请绑定443。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.