Dealing with nginx 400 “The plain HTTP request was sent to HTTPS port” error

后端 未结 8 931
不思量自难忘°
不思量自难忘° 2020-11-28 02:04

I\'m running a Sinatra app behind passenger/nginx. I\'m trying to get it to respond to both http and https calls. The problem is, when both are defined in the server block h

相关标签:
8条回答
  • 2020-11-28 02:35

    The error says it all actually. Your configuration tells Nginx to listen on port 80 (HTTP) and use SSL. When you point your browser to http://localhost, it tries to connect via HTTP. Since Nginx expects SSL, it complains with the error.

    The workaround is very simple. You need two server sections:

    server {
      listen 80;
    
      // other directives...
    }
    
    server {
      listen 443;
    
      ssl on;
      // SSL directives...
    
      // other directives...
    }
    
    0 讨论(0)
  • 2020-11-28 02:37

    The above answers are incorrect in that most over-ride the 'is this connection HTTPS' test to allow serving the pages over http irrespective of connection security.

    The secure answer using an error-page on an NGINX specific http 4xx error code to redirect the client to retry the same request to https. (as outlined here https://serverfault.com/questions/338700/redirect-http-mydomain-com12345-to-https-mydomain-com12345-in-nginx )

    The OP should use:

    server {
      listen        12345;
      server_name   php.myadmin.com;
    
      root         /var/www/php;
    
      ssl           on;
    
      # If they come here using HTTP, bounce them to the correct scheme
      error_page 497 https://$host:$server_port$request_uri;
    
      [....]
    }
    
    0 讨论(0)
  • 2020-11-28 02:46

    if use phpmyadmin add: fastcgi_param HTTPS on;

    0 讨论(0)
  • 2020-11-28 02:56

    According to wikipedia article on status codes. Nginx has a custom error code when http traffic is sent to https port(error code 497)

    And according to nginx docs on error_page, you can define a URI that will be shown for a specific error.
    Thus we can create a uri that clients will be sent to when error code 497 is raised.

    nginx.conf

    #lets assume your IP address is 89.89.89.89 and also 
    #that you want nginx to listen on port 7000 and your app is running on port 3000
    
    server {
        listen 7000 ssl;
     
        ssl_certificate /path/to/ssl_certificate.cer;
        ssl_certificate_key /path/to/ssl_certificate_key.key;
        ssl_client_certificate /path/to/ssl_client_certificate.cer;
    
        error_page 497 301 =307 https://89.89.89.89:7000$request_uri;
    
        location / {
            proxy_pass http://89.89.89.89:3000/;
    
            proxy_pass_header Server;
            proxy_set_header Host $http_host;
            proxy_redirect off;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-Protocol $scheme;
        }
    }
    

    However if a client makes a request via any other method except a GET, that request will be turned into a GET. Thus to preserve the request method that the client came in via; we use error processing redirects as shown in nginx docs on error_page

    And thats why we use the 301 =307 redirect.

    Using the nginx.conf file shown here, we are able to have http and https listen in on the same port

    0 讨论(0)
  • 2020-11-28 02:56

    I had the exact same issue, I have kind of the same configuration as your exemple and I got it working by removing the line :

    ssl on;

    To quote the doc:

    If HTTP and HTTPS servers are equal, a single server that handles both HTTP and HTTPS requests may be configured by deleting the directive “ssl on” and adding the ssl parameter for *:443 port

    0 讨论(0)
  • 2020-11-28 02:56

    Actually you can do this with:

    ssl off; 
    

    This solved my problem in using nginxvhosts; now I am able to use both SSL and plain HTTP. Works even with combined ports.

    0 讨论(0)
提交回复
热议问题