nginx has an SSL certificate configured, but the site is reachable over HTTP and not over HTTPS


Check whether port 443 is open

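  • In the Tencent Cloud or Alibaba Cloud security group rules, allow ports 80 and 443.
  • Open the port in the host firewall. Log in to the server over SSH (CentOS as the example):
    • On CentOS, run firewall-cmd --list-all to see whether port 443 is open
    • If it is not, run firewall-cmd --zone=public --add-port=443/tcp --permanent
    • Run systemctl restart firewalld to restart the firewall so the change takes effect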

Check whether the certificate is configured correctly

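    server {
        listen 443 ssl;
        server_name yourdomain;   # placeholder: replace with your real host name
        client_max_body_size 1024m;

        # Certificate (full chain) and its matching private key
        ssl_certificate /www/server/nginx/conf/cert/555.pem;
        ssl_certificate_key /www/server/nginx/conf/cert/555.key;
        ssl_session_timeout 5m;
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
        # TLSv1 and TLSv1.1 are deprecated (RFC 8996); remove them unless legacy clients need them
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers on;
    }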

Forcing HTTP to redirect to HTTPS fails with "too many redirects"


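You used rewrite and listened on both 80 and 443 in the same server block. The rewrite then also applies to requests that arrive on 443, so every HTTPS request is redirected to HTTPS again.

Fix: split 80 and 443 into separate server blocks and do the 301 redirect in the port-80 block. The configuration below is for reference only.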

    upstream halo {
        server 127.0.0.1:8090;
    }
    # Port 80 only redirects; it never serves content
    server {
        listen 80;
        return 301 https://yourdomain$request_uri;
    }
    # Port 443 serves the site and contains no redirect, so it cannot loop
    server {
        listen 443 ssl;
        server_name yourdomain;
        client_max_body_size 1024m;

        #charset koi8-r;

        ssl_certificate /www/server/nginx/conf/cert/xxx.pem;
        ssl_certificate_key /www/server/nginx/conf/cert/xxx.key;
        ssl_session_timeout 5m;
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
        # TLSv1 and TLSv1.1 are deprecated (RFC 8996); remove them unless legacy clients need them
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers on;

        #access_log  logs/host.access.log  main;
        location / {
            proxy_pass http://halo;
            # Pass the original host, scheme and client address to the backend
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
        #error_page  404              /404.html;
        # redirect server error pages to the static page /50x.html
        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
            root html;
        }
    }
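
The following Python check is an added example, not part of the original post: it flags any server block that listens on both a plain and an ssl port and carries an unguarded redirect to https://, which is the layout that produces the "too many redirects" error described above. The function names and the example.test configs are constructed for illustration.

```python
import re

# Constructed sample configs (example.test is a placeholder host).
LOOPING = """
server {
    listen 80;
    listen 443 ssl;
    server_name example.test;
    rewrite ^(.*)$ https://$host$1 permanent;
}
"""
SPLIT = """
upstream halo { server 127.0.0.1:8090; }
server {
    listen 80;
    return 301 https://example.test$request_uri;
}
server {
    listen 443 ssl;
    server_name example.test;
    location / { proxy_pass http://halo; }
}
"""

def server_blocks(conf):
    """Yield the body of every `server { ... }` block, found by brace matching."""
    conf = re.sub(r"#[^\n]*", "", conf)             # drop comments
    for m in re.finditer(r"\bserver\s*\{", conf):   # skips `server host:port;` in upstream
        depth, i = 1, m.end()
        while i < len(conf) and depth:
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield conf[m.end():i - 1]

def redirect_loops(conf):
    """Return (block number, directive) for each server block that would loop."""
    findings = []
    for n, body in enumerate(server_blocks(conf), 1):
        listens = re.findall(r"\blisten\s+([^;]+);", body)
        tls = [l for l in listens if re.search(r"\bssl\b", l)]
        plain = [l for l in listens if not re.search(r"\bssl\b", l)]
        # A redirect guarded by `if (...) { }` (for example on $scheme) does not loop.
        unguarded = re.sub(r"\bif\s*\([^)]*\)\s*\{[^{}]*\}", "", body)
        hit = re.search(r"\b(?:rewrite|return)\b[^;]*https://[^;]*;", unguarded)
        if tls and plain and hit:
            findings.append((n, " ".join(hit.group(0).split())))
    return findings

print(redirect_loops(LOOPING), redirect_loops(SPLIT))
```

To check a real file, pass its contents to redirect_loops(); configs split across include files have to be concatenated first.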