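Help Center FAQ

Ticket: 1391757

Customer-reported issue

After purchasing an SSL certificate, subdirectories cannot be accessed directly

Error message:
400 Bad Request
The plain HTTP request was sent to HTTPS port
openresty/1.15.8.2

Typical nginx configuration: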

server {
    # No "ssl" parameter on listen; TLS is switched on server-wide by "ssl on;" below
    listen 443;
    server_name blog.yoodb.com;
    charset UTF-8;
    ssl on;
    ssl_certificate /usr/local/nginx/conf/ssl/blog/2539791_blog.yoodb.com.pem;
    ssl_certificate_key /usr/local/nginx/conf/ssl/blog/2539791_blog.yoodb.com.key;
    ssl_session_timeout 5m;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;

    # Redirect plain HTTP requests to HTTPS
    if ($scheme = http) {
        return 301 https://$host$request_uri;
    }

    # Proxy everything else to the backend application
    location / {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
        proxy_pass http://172.17.6.114:8082;
    }

    # Static images served from local disk
    location ~*/upload/images/ {
        expires 1h;
        root /mnt/app/project/files;
    }

    location ~*/dynamic/images/ {
        expires 1h;
        root /mnt/app/project/files;
    }
}

Solution:

In the configuration above, comment out "ssl on;" or change it to "ssl off;"; change "listen 443;" to "listen 443 ssl"; and add "listen 80". Nginx can then handle both HTTP and HTTPS requests. For example:

server {
    # Plain HTTP; redirected to HTTPS by the "if" block below
    listen       80;
    # TLS is enabled per listening socket instead of with "ssl on;"
    listen       443 ssl;
    server_name blog.yoodb.com;
    charset UTF-8;
    ssl_certificate   /usr/local/nginx/conf/ssl/blog/2539791_blog.yoodb.com.pem;
    ssl_certificate_key  /usr/local/nginx/conf/ssl/blog/2539791_blog.yoodb.com.key;
    ssl_session_timeout 5m;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;

    # Redirect plain HTTP requests to HTTPS
    if ($scheme = http) {
        return 301 https://$host$request_uri;
    }

    # Proxy everything else to the backend application
    location / {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
        proxy_pass http://172.17.6.114:8082;
    }

    # Static images served from local disk
    location ~*/upload/images/ {
        expires 1h;
        root /mnt/app/project/files;
    }

    location ~*/dynamic/images/ {
        expires 1h;
        root /mnt/app/project/files;
    }
}
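A pre-reload check for the listen/ssl combinations described above, as an added example that is not part of the original FAQ or of nginx. It assumes a single server block without quoted strings; the function names, finding codes and sample strings are constructed here, and the protocol check goes beyond the fix this page describes.

```python
import re

# Constructed samples: trimmed copies of this page's "before" and "after" server blocks.
BEFORE = "server { listen 443; ssl on; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; }"
AFTER = "server { listen 80; listen 443 ssl; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; }"
# Constructed sample: "listen 80" added but "ssl on;" left in place (fix half applied).
HALF_FIXED = "server { listen 80; listen 443 ssl; ssl on; }"

OLD_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}  # TLS 1.0/1.1: deprecated by RFC 8996


def directives(conf):
    """Split one server block into [name, arg, ...] lists (no quoted-string support)."""
    conf = re.sub(r"#[^\n]*", "", conf)  # drop comments
    return [tok.split() for tok in re.split(r"[;{}]", conf) if tok.strip()]


def lint_server_block(conf):
    """Return finding codes for the listen/ssl mistakes discussed on this page."""
    found = []
    items = directives(conf)
    ssl_on = ["ssl", "on"] in items
    if ssl_on:
        found.append("ssl-on-directive")  # server-wide switch; use "listen ... ssl"
    for item in items:
        if item[0] == "listen" and len(item) > 1:
            port = item[1].rsplit(":", 1)[-1]  # handles "443" and "[::]:443"
            has_ssl = "ssl" in item[2:]
            if port == "443" and not has_ssl:
                found.append("listen-443-without-ssl")
            if port == "80" and (has_ssl or ssl_on):
                found.append("port-80-expects-tls")  # plain HTTP there gets the 400 error
        elif item[0] == "ssl_protocols":
            if OLD_PROTOCOLS & set(item[1:]):
                found.append("deprecated-protocols")
    return found


if __name__ == "__main__":
    for name, conf in [("before", BEFORE), ("after", AFTER), ("half-fixed", HALF_FIXED)]:
        print(name, lint_server_block(conf))
```

The corrected block on this page still reports deprecated-protocols because it lists TLSv1 and TLSv1.1; run `nginx -t` as well before reloading, since this check does not validate syntax.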

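If the above still does not work, log in to the server:

cd /usr/gvpc/openresty/nginx/

vi conf.d/ssl.conf

Temporarily comment out proxy_set_header Host $host:443; (note: do not do this unless necessary)

Restart nginx

Reference, official nginx documentation: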

http://nginx.org/en/docs/http/configuring_https_servers.html#single_http_https_server