Nginx configuration-SSL&The plain HTTP request was sent to HTTPS port solution

---

Prepare ssl certificate

You can apply for free certificates directly from the Alibaba Cloud console (20 per year, each with a one-year validity period),
or you can use self-signed certificates. Nginx solves the problem of accessing Https through openssl self-signed certificates and reporting insecure alarms

Configuration example

    upstream tomcatserver {
    
    
         server 127.0.0.1:8801 max_fails=3 fail_timeout=3s;
         server 127.0.0.1:8802 max_fails=3 fail_timeout=3s;         
    }
    
    server {
    
    
        listen       8888 ssl;
        server_name  localhost;
        
        ssl_certificate      /usr/local/nginx/ssl/nginx.pem;
        ssl_certificate_key  /usr/local/nginx/ssl/nginx.key;

        ssl_session_cache    shared:SSL:1m;
        ssl_session_timeout  5m;

        ssl_ciphers  HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers  on;

        location / {
    
    
            proxy_pass http://tomcatserver/;
            client_max_body_size  500m;
            proxy_connect_timeout 300;
            proxy_http_version 1.1;
            proxy_send_timeout 300;
            proxy_read_timeout 300;
            proxy_set_header    Host             $http_host;
            proxy_set_header    X-Real-IP        $remote_addr;
            proxy_set_header    X-Real-Port      $remote_port;
            proxy_set_header    X-Forwarded-For  $proxy_add_x_forwarded_for;
            proxy_redirect http:// https://;
        }

    }
    

Configure mandatory http access to also go https

After configuration, normal access through https, http access error is as follows:
400 Bad Request
The plain HTTP request was sent to HTTPS port

This is caused by a 497 error. Add a configuration as follows to force http access to https, and
error_page 497 301 https://$http_host$request_uri;
redirect 497, 301 and other error codes to https

    upstream tomcatserver {
    
    
         server 127.0.0.1:8801 max_fails=3 fail_timeout=3s;
         server 127.0.0.1:8802 max_fails=3 fail_timeout=3s;         
    }
    
    server {
    
    
        listen       8888 ssl;
        server_name  localhost;
        
        ssl_certificate      /usr/local/nginx/ssl/nginx.pem;
        ssl_certificate_key  /usr/local/nginx/ssl/nginx.key;

        ssl_session_cache    shared:SSL:1m;
        ssl_session_timeout  5m;

        ssl_ciphers  HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers  on;
        
        error_page 497 301 https://$http_host$request_uri;

        location / {
    
    
            proxy_pass http://tomcatserver/;
            client_max_body_size  500m;
            proxy_connect_timeout 300;
            proxy_http_version 1.1;
            proxy_send_timeout 300;
            proxy_read_timeout 300;
            proxy_set_header    Host             $http_host;
            proxy_set_header    X-Real-IP        $remote_addr;
            proxy_set_header    X-Real-Port      $remote_port;
            proxy_set_header    X-Forwarded-For  $proxy_add_x_forwarded_for;
            proxy_redirect http:// https://;
        }

    }