Nginx is configured with SSL certificates, but HTTP is accessible, HTTPS is not
Check whether port 443 is open
- The security policy group of Tencent cloud and Ali Cloud permits ports
80and443 - Firewall ports have been released. Logging In to the server using SSH (centos as an example)
- Centos through
firewall-cmd --list-allCheck whether port 443 is open - If not, run
firewall-cmd --zone=public --add-port=443/tcp --permanent systemctl restart firewalldRestarting the Firewall takes Effect
- Centos through
Check whether the certificate is correctly configured
server { listen 443 ssl; server_name your domain; client_max_body_size 1024m; ssl_certificate /www/server/nginx/conf/cert/555.pem; ssl_certificate_key /www/server/nginx/conf/cert/555.key; ssl_session_timeout 5m; ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:! NULL:! aNULL:! MD5:! ADH:! RC4; Ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; }Copy the codeDescription Forcing HTTP to switch to HTTPS prompts excessive redirection
You use therewriteAnd listen on the same server simultaneously80and443
Solution: Split 80 and 443 to different servers. Do 301 redirection in 80. The following configuration files are for reference only.
Upstream halo {server 127.0.0.1:8090; } server { listen 80; return 301 https://yourdomain$request_uri; } server { listen 443 ssl; server_name yourdomain; client_max_body_size 1024m; #charset koi8-r; ssl_certificate /www/server/nginx/conf/cert/xxx.pem; ssl_certificate_key /www/server/nginx/conf/cert/xxx.key; ssl_session_timeout 5m; ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:! NULL:! aNULL:! MD5:! ADH:! RC4; Ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; #access_log logs/host.access.log main; location / { proxy_pass http://halo; proxy_set_header HOST $host; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } #error_page 404 /404.html; # redirect server error pages to the static page /50x.html error_page 500 502 503 504 /50x.html; location = /50x.html { root html; }}Copy the code