support http and https on the same port

Frank Liu gfrankliu at gmail.com
Wed Jul 25 18:37:20 UTC 2018


I tried:

error_page 497 $request_uri;

It is kind of working, and I get the correct content/code back, but the
response header is still has 400:

HTTP/1.1 400 Bad Request

My use case has nginx as a reverse proxy, and the real response code from
upstream is dropped though the response body and other headers are retained.

I also tried:
error_page 497 =200 $request_uri;
and now I get:
HTTP/1.1 200 OK
instead of real response code from upstream.








On Wed, Jul 25, 2018 at 10:26 AM, Frank Liu <gfrankliu at gmail.com> wrote:

> I just tried it quickly. nginx gives 400 instead of 497 when I connect as
> http to a ssl virtual host.
>
> server {
>   listen       8443 ssl;
>   server_name  localhost;
>
>   ssl_certificate      /opt/nginx/ssl/localhost.crt;
>   ssl_certificate_key  /opt/nginx/ssl/localhost.key;
>
>   ssl_session_cache    shared:SSL:10m;
>   ssl_session_timeout  10m;
>
> }
>
> curl -v http://localhost:8443
> * About to connect() to localhost port 8443 (#0)
> *   Trying 127.0.0.1...
> * Connected to localhost (127.0.0.1) port 8443 (#0)
> > GET / HTTP/1.1
> > User-Agent: curl/7.29.0
> > Host: localhost:8443
> > Accept: */*
> >
> < HTTP/1.1 400 Bad Request
> < Server: nginx/1.15.2
> < Date: Wed, 25 Jul 2018 17:23:24 GMT
> < Content-Type: text/html
> < Content-Length: 271
> < Connection: close
> <
> <html>
> <head><title>400 The plain HTTP request was sent to HTTPS
> port</title></head>
> <body bgcolor="white">
> <center><h1>400 Bad Request</h1></center>
> <center>The plain HTTP request was sent to HTTPS port</center>
> <hr><center>nginx/1.15.2</center>
> </body>
> </html>
> * Closing connection 0
>
> Am I missing something?
>
>
> On Wed, Jul 25, 2018 at 9:16 AM, Frank Liu <gfrankliu at gmail.com> wrote:
>
>> Thanks Maxim!
>> Is there a way to tell nginx to treat 497 as no error, and continue
>> normal processing?
>>
>> On Wed, Jul 25, 2018 at 8:14 AM, Maxim Dounin <mdounin at mdounin.ru> wrote:
>>
>>> Hello!
>>>
>>> On Wed, Jul 25, 2018 at 07:46:49AM -0700, Frank Liu wrote:
>>>
>>> > Stream servers can now do ssl and non-ssl on the same port:
>>> > https://www.nginx.com/blog/running-non-ssl-protocols-over-ss
>>> l-port-nginx-1-15-2/
>>> >
>>> > Can this be added to http virtual hosts as well?
>>> > If ssl is on a listening port and client doesn't send ClientHello, can
>>> > nginx fallback to use normal http? Maybe introduce a new directive
>>> > "fallback_http on;"?
>>>
>>> It is available since nginx 0.1.0, see the 497 error code here:
>>>
>>> http://nginx.org/en/docs/http/ngx_http_ssl_module.html#errors
>>>
>>> It might not be a good idea to actually configure things that way
>>> though.
>>>
>>> --
>>> Maxim Dounin
>>> http://mdounin.ru/
>>> _______________________________________________
>>> nginx mailing list
>>> nginx at nginx.org
>>> http://mailman.nginx.org/mailman/listinfo/nginx
>>>
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20180725/757be7f9/attachment-0001.html>


More information about the nginx mailing list