当使用http协议访问https端口时使nginx直接返回444
当使用http协议直接访问https端口时nginx会返回http 400状态码,同时显示400 Bad Request: The plain HTTP request was sent to HTTPS port,当使用非标https端口时这会直接暴露该端口为https端口,但如果我想尽量隐藏该https端口该如何操作呢?
一、nginx配置
# Forbidden Direct IP Access
server
{
listen 80 default_server;
http2 on;
server_name _;
return 444;
access_log /var/log/nginx/access.log main;
error_log /var/log/nginx/error.log;
}
server
{
listen 443 default_server;
http2 on;
server_name _;
error_page 497 = @refuse_access;
location @refuse_access {
return 444;
}
ssl_reject_handshake on;
ssl_certificate /etc/letsencrypt/live/xxxx.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/xxx.com/privkey.pem;
access_log /var/log/nginx/access.log main;
error_log /var/log/nginx/error.log;
}忽略http端口直接返回444状态而不是301转跳https的问题,首先分离http和https的server配置
error_page和location重定向方法参考这篇文章
二、测试
使用http协议访问https端口不再返回http 400错误,而是直接返回444状态码
三、参考文章
Nginx HTTPS 端口接收 HTTP 请求异常(The plain HTTP request was sent to HTTPS port)处理方案
文章作者:四文鱼Max
本文链接:https://blog.awolon.fun/archives/nginx-http-https-444.html
许可协议:CC BY-SA 4.0