Fatal编程技术网
  • ssl/
  • Ssl nginx-禁用http到https重定向?

Ssl nginx-禁用http到https重定向?

ssl nginx

Ssl nginx-禁用http到https重定向?,ssl,nginx,Ssl,Nginx,我遵循了本教程,学习如何使用nginx为odoo创建反向代理 这里一切都很好。但问题在于证书。 每个浏览器都发誓我的自签名证书不可信。这是测试服务器,所以我现在不太关心安全性。我尝试使用证书和ssl禁用/注释所有内容。但nginx仍然重定向到https,当它找不到证书时,它只会给出以下错误: Unable to make a secure connection to the server. This may be a problem with the server, or it may be r

我遵循了本教程,学习如何使用nginx为odoo创建反向代理

这里一切都很好。但问题在于证书。 每个浏览器都发誓我的自签名证书不可信。这是测试服务器,所以我现在不太关心安全性。我尝试使用证书和ssl禁用/注释所有内容。但nginx仍然重定向到https,当它找不到证书时,它只会给出以下错误:

Unable to make a secure connection to the server. This may be a problem with the server, or it may be requiring a client authentication certificate that you don't have
但是,我如何才能忽略
https
,而使用
http
,而不进行任何加密呢?我是否需要调整nginx本身内部的某些内容

例如,使用apache,如果没有指定使用安全连接,那么它只使用普通的
http
,就是这样。希望其他人对nginx有更好的经验

我调整的配置如下所示(我只是注释了一些部分,并将重写更改为
http
,而不是
https
):

您只需要在80端口上注释掉重定向,然后在80端口上侦听。 这可以通过配置中的以下更新来实现

upstream odoo8 {
server 127.0.0.1:8069 weight=1 fail_timeout=0;
}

upstream odoo8-im {
server 127.0.0.1:8072 weight=1 fail_timeout=0;
}

## http redirects to https ##
#server {
#listen 80;
#server_name _;

# Strict Transport Security
#add_header Strict-Transport-Security max-age=2592000;
#rewrite ^/.*$ http://$host$request_uri? permanent;
#}

server {
# server port and name
# listen 443;  # comment out this line
listen 80;
server_name _;

# Specifies the maximum accepted body size of a client request,
# as indicated by the request header Content-Length.
client_max_body_size 200m;

# add ssl specific settings
#keepalive_timeout 60;
ssl off;
#ssl_certificate /etc/ssl/nginx/server.crt;
#ssl_certificate_key /etc/ssl/nginx/server.key;

# limit ciphers
#ssl_ciphers HIGH:!ADH:!MD5;
#ssl_protocols SSLv3 TLSv1;
#ssl_prefer_server_ciphers on;

# increase proxy buffer to handle some OpenERP web requests
proxy_buffers 16 64k;
proxy_buffer_size 128k;

#general proxy settings
# force timeouts if the backend dies
proxy_connect_timeout 600s;
proxy_send_timeout 600s;
proxy_read_timeout 600s;
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;

# set headers
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;

# Let the OpenERP web service know that we’re using HTTPS, otherwise
# it will generate URL using http:// and not https://
#proxy_set_header X-Forwarded-Proto https;

# by default, do not forward anything
proxy_redirect off;
proxy_buffering off;

location / {
proxy_pass http://odoo8;
}

location /longpolling {
proxy_pass http://odoo8-im;
}

# cache some static data in memory for 60mins.
# under heavy load this should relieve stress on the OpenERP web interface a bit.
location /web/static/ {
proxy_cache_valid 200 60m;
proxy_buffering on;
谢谢这就成功了。但也存在浏览器缓存问题。当我这样更改它时,它仍在尝试
https
,但转到私人浏览,打开的页面没有
https
。可以使用禁用每个站点上导致https重定向的浏览器缓存 
upstream odoo8 {
server 127.0.0.1:8069 weight=1 fail_timeout=0;
}

upstream odoo8-im {
server 127.0.0.1:8072 weight=1 fail_timeout=0;
}

## http redirects to https ##
#server {
#listen 80;
#server_name _;

# Strict Transport Security
#add_header Strict-Transport-Security max-age=2592000;
#rewrite ^/.*$ http://$host$request_uri? permanent;
#}

server {
# server port and name
# listen 443;  # comment out this line
listen 80;
server_name _;

# Specifies the maximum accepted body size of a client request,
# as indicated by the request header Content-Length.
client_max_body_size 200m;

# add ssl specific settings
#keepalive_timeout 60;
ssl off;
#ssl_certificate /etc/ssl/nginx/server.crt;
#ssl_certificate_key /etc/ssl/nginx/server.key;

# limit ciphers
#ssl_ciphers HIGH:!ADH:!MD5;
#ssl_protocols SSLv3 TLSv1;
#ssl_prefer_server_ciphers on;

# increase proxy buffer to handle some OpenERP web requests
proxy_buffers 16 64k;
proxy_buffer_size 128k;

#general proxy settings
# force timeouts if the backend dies
proxy_connect_timeout 600s;
proxy_send_timeout 600s;
proxy_read_timeout 600s;
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;

# set headers
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;

# Let the OpenERP web service know that we’re using HTTPS, otherwise
# it will generate URL using http:// and not https://
#proxy_set_header X-Forwarded-Proto https;

# by default, do not forward anything
proxy_redirect off;
proxy_buffering off;

location / {
proxy_pass http://odoo8;
}

location /longpolling {
proxy_pass http://odoo8-im;
}

# cache some static data in memory for 60mins.
# under heavy load this should relieve stress on the OpenERP web interface a bit.
location /web/static/ {
proxy_cache_valid 200 60m;
proxy_buffering on;