nginx 反向代理同一个域名的不同端口

我的需求是：

同一个域名范文，通过指定 URL 访问具体的端口
不使用二级域名
全局 https，强制 http 转 https

现在我解决了，http 和 https 共存，且可以通过 http 访问指定 URL，但是当 https 访问时会 404

我的配置文件如下:

# sudo certbot certonly --webroot -w /usr/share/nginx/html/ -d hzzone.io
user www-data;
worker_processes auto;
pid /run/nginx.pid;

events {
	worker_connections 768;
	# multi_accept on;
}

http {

	##
	# Basic Settings
	##

	sendfile on;
	tcp_nopush on;
	tcp_nodelay on;
	keepalive_timeout 65;
	types_hash_max_size 2048;
	# server_tokens off;

	# server_names_hash_bucket_size 64;
	# server_name_in_redirect off;

	include /etc/nginx/mime.types;
	default_type application/octet-stream;

	##
	# SSL Settings
	##

	##
	# Logging Settings
	##

	access_log /var/log/nginx/access.log;
	error_log /var/log/nginx/error.log;

	gzip on;
	gzip_disable "msie6";


	
	include /etc/nginx/conf.d/*.conf;
	include /etc/nginx/sites-enabled/*;

	server {
		listen 80;
        listen       443 ssl;

        # 域名，实际情况下时，将这个改成域名
        server_name  hzzone.io;

        ssl on;

        # 证书位置
        ssl_certificate  /etc/letsencrypt/live/hzzone.io/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/hzzone.io/privkey.pem;

        location /api {
	        proxy_pass http://localhost:1111/api;
	        proxy_http_version 1.1;
	        proxy_set_header Upgrade $http_upgrade;
	        proxy_set_header Connection "Upgrade";
	        proxy_set_header X-Real-IP $remote_addr;
	    }

	    location / {
	        proxy_pass https://localhost;
	    }
    }
}

为什么当我使用 http 访问 域名 /api/子目录 时，是正常的，而 https 却 404 呢？我看了 access log，根本没有转发。

请问是什么原因导致的这个问题？

Hzzone

2018-10-10 01:05:45 +08:00

我的 python 代码如下:
```python
from flask import Flask
app = Flask(__name__)

@app.route('/api/latex')
def hello_world():
return 'Hello World!'

if __name__ == "__main__":
context = ('/etc/letsencrypt/live/hzzone.io/fullchain.pem', '/etc/letsencrypt/live/hzzone.io/privkey.pem')
# app.run(host='0.0.0.0', ssl_context=context, port=1111)
app.run(host='0.0.0.0', ssl_context=context, port=1111)
```

即使我 flask 也使用 https，http 访问 502 Bad Gateway，https 访问 404 Not Found，即使我改成 `http://localhost:1111/api;`

maojy1989

2018-10-10 09:35:25 +08:00

server {
listen 80;
server_name xxxx.com;
server_name www.xxxx.com;
access_log /home/wwwlogs/xxxx.access.log;
root /home/wwwroot/xxxx;
include enable-php.conf;
location / {
return 301 https://www.xxxx.com$request_uri;
}
}
server {
listen 443 ssl http2;
server_name www.xxxx.com;
root /home/wwwroot/xxxx;
ssl_certificate xxxx.pem;
ssl_certificate_key xxxx.key;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1.2;
ssl_session_timeout 5m;
ssl_prefer_server_ciphers on;
include enable-php.conf;
location / {
include wordpress.conf;
index index.php index.html index.htm;
}
location /api {
proxy_pass http://127.0.0.1:3000/api;
}
}

Hzzone

2018-10-10 09:38:35 +08:00

此贴结束，最终配成功了，需求如下:
http 全部转 https
指定 url 转发，例如域名 /api/latex 转发域名:1111/api/latex

配置文件如下:
```
user www-data;
worker_processes auto;
pid /run/nginx.pid;

events {
worker_connections 768;
# multi_accept on;
}
http {
server {
listen 80;
server_name 域名;
rewrite ^/(.*) https://hzzone.io/$1 permanent;
}

server {
listen 443;

ssl on;
ssl_certificate /etc/letsencrypt/live/hzzone.io/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/hzzone.io/privkey.pem;

server_name 域名;

access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;

# location / {
# checks for static files; if not found, proxy to app
# try_files $uri @proxy_to_app;
# }

location /api {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;

proxy_pass http://localhost:1111/api;
}

}
}
```