SSL and port number [was: Rewrite -- failure]

Francis Daly francis at daoine.org
Wed Apr 29 16:47:32 UTC 2020


On Tue, Apr 28, 2020 at 02:56:09PM -0400, Paul wrote:
> On 2020-04-22 3:14 a.m., Francis Daly wrote:

Hi there,

> Thanks. I have the two sites "mostly" working now (full config below), but
> could you please expand on your comment ""listen 8001 ssl;" means that nginx
> will listen for https, so you must make requests to port 8001 using https
> not http."

nginx listens on an ip:port, and it expects exactly one protocol to be
spoken on that port.

I believe I see what may be the problem here...

> My problem is that app/server A (static html) is working perfectly, but
> app/server B works only if the user's browser requests specifically
> "https://... ", but returns a "400 Bad Request // The plain HTTP request was
> sent to HTTPS port // nginx" if the browser requests http (which I believe
> is the default for most browsers if you paste or type just the URL into
> them.)

...your server B has two server blocks.

One says "listen 8084 ssl"; the other says "listen 8084".

You want one to be https and the other to be http. Current nginx does
not support doing that. If you need it to be done, you must use something
other than current nginx.

Your access url is "https://myapps.example.com:8084/"

If someone tries to use "ftp://myapps.example.com:8084/", they will get an
error indication. If they try "http://myapps.example.com:8084/", they will
get an error indication. If they try "gopher://myapps.example.com:8084/",
they will get an error indication.

The error indication that current-nginx gives is "this is not a valid
https protocol request"; it does not try to guess what sort of protocol
request it actually is.

If you just remove the "listen 8084" from the second server, and invite
people to use the correct url (either "http://myapps.example.com/", or
"https://myapps.example.com:8084/"), then it should all Just Work.

Cheers,

	f
-- 
Francis Daly        francis at daoine.org


More information about the nginx mailing list