Nginx 400 Bad Request: The plain HTTP request was sent to HTTPS port

Nginx

Nginx HTTP服务器的报错“400 Bad Request: The plain HTTP request was sent to HTTPS port”，本文将讲解如何解决这个问题。简单从报错的字面意思上来看，是因为HTTP请求被发送到HTTPS端口，这种报错多出现在Nginx既处理HTTP请求又处理HTTPS请求的情况。

以下是Nginx常用的SSL配置（出于安全原因，我们使用了本站域名），配置文件将让Nginx侦听80和443端口，并将所有的HTTP请求重定向到HTTPS：

server {listen       443;server_name blog.yoodb.com;charset UTF-8;ssl on;ssl_certificate   /usr/local/nginx/conf/ssl/blog/2539791_blog.yoodb.com.pem;ssl_certificate_key  /usr/local/nginx/conf/ssl/blog/2539791_blog.yoodb.com.key;ssl_session_timeout 5m;ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;ssl_protocols TLSv1 TLSv1.1 TLSv1.2;ssl_prefer_server_ciphers on;if ($scheme = http) {return 301 https://$host$request_uri;}location / {proxy_set_header Host $host;proxy_set_header X-Real-IP $remote_addr;proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;proxy_set_header X-Forwarded-Proto https;proxy_pass http://172.17.6.114:8082;}location ~*/upload/images/ { expires 1h;root /mnt/app/project/files;}location ~*/dynamic/images/ {expires 1h;root /mnt/app/project/files;}
}

以上的配置看上去都很正常，但是用户请求如果通过80端口来访问网站时，例如使用http://blog.yoodb.com，那么这个请求就会在浏览器收到错误nginx 400 bad request“The plain HTTP request was sent to HTTPS port”.
Nginx报这种错误是因为每一次用户请求试图通过HTTP访问你的网站，这个请求被重定向到HTTPS。于是Nginx预计使用SSL交互，但原来的请求（通过端口80接收）是普通的HTTP请求，于是会产生错误。

另一方面，如果一个用户使用https://blog.yoodb.com访问网站，他们就不会遇到上述错误。此外，如果你有其他的网站配置为不使用SSL，Nginx会尝试使用HTTPS，这种情况下也会造成上述错误。

解决办法：

将上面配置文中的“ssl on; ” 注释掉或者修改成 “ssl off;”；“listen 443;”修改为“listen 443 ssl”；新增“listen 80”，这样Nginx就可以同时处理HTTP请求和HTTPS请求了，具体参考如下：

server {listen       80listen       443 ssl;server_name blog.yoodb.com;charset UTF-8;ssl_certificate   /usr/local/nginx/conf/ssl/blog/2539791_blog.yoodb.com.pem;ssl_certificate_key  /usr/local/nginx/conf/ssl/blog/2539791_blog.yoodb.com.key;ssl_session_timeout 5m;ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;ssl_protocols TLSv1 TLSv1.1 TLSv1.2;ssl_prefer_server_ciphers on;if ($scheme = http) {return 301 https://$host$request_uri;}location / {proxy_set_header Host $host;proxy_set_header X-Real-IP $remote_addr;proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;proxy_set_header X-Forwarded-Proto https;proxy_pass http://172.17.6.114:8082;}location ~*/upload/images/ { expires 1h;root /mnt/app/project/files;}location ~*/dynamic/images/ {expires 1h;root /mnt/app/project/files;}
}

java redirect重定向https跳转http问题，如果https访问nginx通过nginx proxy_pass到http的tomcat服务正常能够访问，但是java redirect就跳转到http，导致报错“400 Bad Request: The plain HTTP request was sent to HTTPS port”。
解决办法：

proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_pass http://172.17.6.114:8082;
proxy_redirect http:// https://;

实现流程是根据nginx的不同执行阶段，来完成Location http到https。
1）proxy_pass执行前，先设置了request head host 为https外网访问的域名+端口
2）proxy_pass执行后，tomcat结果返回response
3）proxy_redirect修改response中的location中的协议http为https外网访问的协议。
注：java redirect重定向主要是通过访问tomcat服务的请求head项来决定的，默认是http协议，域名是通过读取host地址，默认host中不包括访问端口。

第二种

server{listen 80;server_name example.com www.example.com;return 301 https://www.example.com$request_uri;
}server {listen 443 ssl http2;server_name example.com www.example.com;root   /var/www/html/example.com/;index index.php index.html index.htm;access_log /var/log/nginx/example.com/example.com_access_log;error_log   /var/log/nginx/example.com/example.com_error_log   error;ssl on;ssl_certificate /etc/ssl/certs/example_com_cert_chain.crt;ssl_certificate_key /etc/ssl/private/example_com.key;ssl_session_timeout       5m;ssl_protocols             TLSv1 TLSv1.1 TLSv1.2;ssl_ciphers               AESGCM:ALL:!DH:!EXPORT:!RC4:+HIGH:!MEDIUM:!LOW:!aNULL:!eNULL;ssl_prefer_server_ciphers on;include /etc/nginx/ssl.d/ssl.conf;location / {proxy_set_header  X-Real-IP  $remote_addr;proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;proxy_set_header  Host $http_host;proxy_redirect    off;expires           off;sendfile          off;proxy_pass        http://wpdev;#  try_files $uri $uri/ /index.php?$query_string;}
}

  location / {proxy_set_header Host $host:$server_port;proxy_set_header X-Real-IP $remote_addr;proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;proxy_set_header X-Forwarded-Proto $scheme;#判断是https请求，就直接跳转，然后断开这个连接不希望往下执行if ($scheme = 'https') {proxy_pass http://gatewayservice;     break;}#上面做了判断，所以现在是http访问，会跟下面location的@http_to_https进行关联try_files $uri $uri/ @http_to_https;  index  index.html index.htm;}location @http_to_https {proxy_set_header Host $host:$server_port;proxy_set_header X-Real-IP $remote_addr;proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;proxy_set_header X-Forwarded-Proto $scheme;proxy_pass http://gatewayservice;}

proxy_redirect http:// $scheme://;

另外通过错误页面重定向
解决思路
将此错误页面重定向到指定的https地址即可

解决方法
假设端口号是8443:

server {
listen 8443 ssl;
ssl_certificate ssl_cert.pem;
ssl_certificate_key ssl_server.key;
server_name your_domain.com;
error_page 497 https://hosthosthosturi?$args;
location / {
…
}
}

另外，如果是自有域名，http和https端口都使用默认端口的话，只要将http的请求重定向到https即可

server {
listen 80;
listen 443 ssl;
ssl_certificate ssl_cert.pem;
ssl_certificate_key ssl_server.key;
server_name your_domain.com;
if (KaTeX parse error: Expected '}', got 'EOF' at end of input: …rn 301 https://hosturi?uri?uri?args;
}
location / {
…
}
}

server
{# 开启Httpslisten 443 ssl;# 配置证书，免费证书怎么申请这边就不多说了。在晚上搜索腾讯云或者阿里云免费证书申请即可ssl_certificate /etc/nginx/conf.d/cert/4351595_www.xxx.pem;ssl_certificate_key /etc/nginx/conf.d/cert/4351595_www.xxx.key;ssl_session_timeout 5m;ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;ssl_protocols TLSv1 TLSv1.1 TLSv1.2;ssl_prefer_server_ciphers on;server_name xxx;index index.html index.htm index.php;root /data/wwwroot/wordpress;error_log /var/log/nginx/wordpress-error.log crit;access_log /var/log/nginx/wordpress-access.log;# 这边用于包含其他配置include extra/*.conf;include conf.d/rewrite/wordpress.conf;}# 将Http请求转化成Https请求
server {listen 80;server_name xxx;rewrite ^/(.*) https://$server_name$request_uri? permanent;//rewrite ^(.*)$ https://${server_name}$1 permanent; // 或者 return 301 https://$server_name$request_uri;// rewrite ^(.*)$ https://$host$1 permanent;
}

Nginx 400 Bad Request: The plain HTTP request was sent to HTTPS port相关推荐

ingress 400 Bad Request The plain HTTP request was sent to HTTPS port
问题现象访问时返回400 Bad Request,并提示The plain HTTP request was sent to HTTPS port. 问题原因 Ingress Controller到 ...
Nginx配置-SSLThe plain HTTP request was sent to HTTPS port解决
Nginx配置-SSL 准备ssl证书配置示例配置强制http访问也走https 准备ssl证书可以直接从阿里云控制台申请免费证书(每年20个,每个有一年有效期) 也可以使用自签证书,Nginx ...
Nginx 400 Bad Request
400 Bad Request是一种HTTP错误状态码.HTTP/1.1对400 Bad Request的定义主要是:1.语义有误,当前请求无法被服务器理解.除非进行修改,否则客户端不应该重复提交这个 ...
解决The plain HTTP request was sent to HTTPS port
问题现在越来越多的网站要求http访问转为更为安全的https访问,很多使用nginx部署的前端应用可以很方便的使用反向代理来实现,切换后,用http访问就会出现 "The plain H ...
使用nginx做反代时遇到413 Request Entity Too Large的解决方法
使用nginx做反代时遇到413 Request Entity Too Large的解决方法参考文章: (1)使用nginx做反代时遇到413 Request Entity Too Large的解决 ...
nginx 400状态码排查
最近,发现主站nginx的log中有很多400的错误,每天有几千万条,故决定对产生400错误的原因进行排查.分析nginx log,发现这种无效的400请求,总是在一个正常访问之后产生,一般出现一个或 ...
说说Request.Params[key]和Request[key]
摘要其实你一看到,就应该会想到,这个不简单吗,不就是服务端接收参数的两种方式吗?是的.在asp.net编程中,QueryString.Form.Cookie是三种比较常见的接收客户端参数的方式.Qu ...
安装nrm，报错request@2.88.2: request has been deprecated, see https://github.com/request/request/issu
安装nrm,请求被拒绝:fetchMetadata: WARN deprecated request@2.88.2: request has been deprecated 先切换到淘宝镜像源: np ...
response.sendRedirect(url)与request.getRequestDispatcher(url).forward(request,response)的区别
response.sendRedirect(url)跳转到指定的URL地址,产生一个新的request,所以要传递参数只有在url后加参数,如: url?id=1. request.getReques ...
java中的request对象_java中request对象各种方法的使用实例分析
本文实例讲述了java中request对象各种方法的使用.分享给大家供大家参考,具体如下: request对象是从客户端向服务器端发出请求,包括用户提交的信息以及客户端的一些信息.request对象是 ...

Nginx 400 Bad Request: The plain HTTP request was sent to HTTPS port

Nginx

Nginx 400 Bad Request: The plain HTTP request was sent to HTTPS port相关推荐

最新文章

热门文章