文章内容
2019/9/8 17:38:03,作 者: 黄兵
“400 Bad Request The plain HTTP request was sent to HTTPS port” Nginx
最近在设置全站https的时候,使用http访问,出现了如下错误:
400 Bad Request The plain HTTP request was sent to HTTPS port
nginx具体配置内容如下:
server {
listen 80;
listen [::]:80 ssl;
listen 443 ssl http2;
listen [::]:443 ssl;
server_name www.xxxxxxxxxx.com;
ssl on;
ssl_certificate /etc/ssl/private/www.xxx.com/1_www.xxxx.com_bundle.crt;
ssl_certificate_key /etc/ssl/private/www.xxxxx.com/2_www.xxxx.com.key;
ssl_prefer_server_ciphers on;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4";
keepalive_timeout 70;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
#闁稿繈鍔庨悵鐥焧tps
add_header Strict-Transport-Security max-age=63072000;
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;
location / {
try_files $uri @gunicorn_proxy;
}
location @gunicorn_proxy {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_redirect off;
proxy_pass http://0.0.0.0:5002;
# proxy_pass http://app;
proxy_connect_timeout 500s;
proxy_read_timeout 500s;
uwsgi_buffers 16 16k;
uwsgi_buffer_size 32k;
proxy_send_timeout 500s;
}
}造成这个错误的原因:
配置有误,当客户端尝试通过HTTP访问您的站点时,通过端口80,请求通过端口443重定向到HTTPS。但是,nginx期望通过端口443使用SSL到达。
如果使用https则不会出现这个问题。
解决方案:
直接设置访问80端口的时候重定向到443端口,具体配置内容如下:
server {
listen 80;
listen [::]:80 ssl;
server_name xxxxx.pdflibr.com;
rewrite ^ https://$server_name$uri last;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl;
server_name xxxx.pdflibr.com;
ssl on;
# 后面配置省略
...这样访问80端口(http)就可以直接跳转到443端口(https)。
问题到此解决。
参考资料:
1、“400 Bad Request The plain HTTP request was sent to HTTPS port” Nginx
黄兵个人博客原创。
转载请注明出处:黄兵个人博客 - “400 Bad Request The plain HTTP request was sent to HTTPS port” Nginx
评论列表