support http and https on the same port

Frank Liu gfrankliu at gmail.com
Wed Jul 25 17:26:20 UTC 2018


I just tried it quickly. nginx gives 400 instead of 497 when I connect as
http to a ssl virtual host.

server {
  listen       8443 ssl;
  server_name  localhost;

  ssl_certificate      /opt/nginx/ssl/localhost.crt;
  ssl_certificate_key  /opt/nginx/ssl/localhost.key;

  ssl_session_cache    shared:SSL:10m;
  ssl_session_timeout  10m;

}

curl -v http://localhost:8443
* About to connect() to localhost port 8443 (#0)
*   Trying 127.0.0.1...
* Connected to localhost (127.0.0.1) port 8443 (#0)
> GET / HTTP/1.1
> User-Agent: curl/7.29.0
> Host: localhost:8443
> Accept: */*
>
< HTTP/1.1 400 Bad Request
< Server: nginx/1.15.2
< Date: Wed, 25 Jul 2018 17:23:24 GMT
< Content-Type: text/html
< Content-Length: 271
< Connection: close
<
<html>
<head><title>400 The plain HTTP request was sent to HTTPS
port</title></head>
<body bgcolor="white">
<center><h1>400 Bad Request</h1></center>
<center>The plain HTTP request was sent to HTTPS port</center>
<hr><center>nginx/1.15.2</center>
</body>
</html>
* Closing connection 0

Am I missing something?


On Wed, Jul 25, 2018 at 9:16 AM, Frank Liu <gfrankliu at gmail.com> wrote:

> Thanks Maxim!
> Is there a way to tell nginx to treat 497 as no error, and continue normal
> processing?
>
> On Wed, Jul 25, 2018 at 8:14 AM, Maxim Dounin <mdounin at mdounin.ru> wrote:
>
>> Hello!
>>
>> On Wed, Jul 25, 2018 at 07:46:49AM -0700, Frank Liu wrote:
>>
>> > Stream servers can now do ssl and non-ssl on the same port:
>> > https://www.nginx.com/blog/running-non-ssl-protocols-over-
>> ssl-port-nginx-1-15-2/
>> >
>> > Can this be added to http virtual hosts as well?
>> > If ssl is on a listening port and client doesn't send ClientHello, can
>> > nginx fallback to use normal http? Maybe introduce a new directive
>> > "fallback_http on;"?
>>
>> It is available since nginx 0.1.0, see the 497 error code here:
>>
>> http://nginx.org/en/docs/http/ngx_http_ssl_module.html#errors
>>
>> It might not be a good idea to actually configure things that way
>> though.
>>
>> --
>> Maxim Dounin
>> http://mdounin.ru/
>> _______________________________________________
>> nginx mailing list
>> nginx at nginx.org
>> http://mailman.nginx.org/mailman/listinfo/nginx
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20180725/71f416ed/attachment.html>


More information about the nginx mailing list