对于Web而已,80端口和443端口是十分重要的,原则上需要输入http://domain.com:80才可以浏览网页的,但由于默认端口是80,所以‘:80’可以忽略。同理对于https的443端口也一样。
一台服务器上往往会同时有多个服务,如我就在服务器上使用Nginx跑着博客,还搭建了Jellyfin 媒体中心。Jellyfin的默认HTTP 端口号8096,HTTPS 端口号:8920这些服务都希望监听80、443端口,如果直接改Jellyfin端口号到80、443肯定是不行的,这时候我们可以使用nginx的代理转发功能帮我们实现共用80、443端口的需求。
以OneinStack搭建的Nginx环境为例:
在目录/usr/local/nginx/conf/vhost中新建一个配置文件,如:jellyfin.conf。
配置内容如下:
server {
listen 80;
server_name v.qingsay.com;
location / {
proxy_pass http://127.0.0.1:8096;
proxy_set_header Host $host:80;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_hide_header X-Powered-By;
}
}
server {
listen 443 ssl http2;
server_name v.qingsay.com;
ssl_certificate /usr/local/nginx/conf/ssl/fullchain.cer;
ssl_certificate_key /usr/local/nginx/conf/ssl/qingsay.key;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-GCM-SHA256:TLS13-AES-128-CCM-8-SHA256:TLS13-AES-128-CCM-SHA256:EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
ssl_prefer_server_ciphers on;
ssl_session_timeout 60m;
location / {
proxy_pass https://127.0.0.1:8920;
proxy_set_header Host $host:80;
proxy_ssl_server_name on;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_hide_header X-Powered-By;
}
}
保存 Nginx 配置后,重启 Nginx。
service nginx restart
如果想要http自动跳转到https可以将
server {
listen 80;
server_name v.qingsay.com;
location / {
proxy_pass http://127.0.0.1:8096;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_hide_header X-Powered-By;
}
}
改成
server {
listen 80;
server_name v.qingsay.com;
return 301 https://$host$request_uri;
}
这样我用就可以通过http://v.qingsay.com和https://v.qingsay.com访问到我的Jellyfin,用不再加端口号。
