Working with nginx 400 "A simple HTTP request was sent to an HTTPS port"

Question

Working with nginx 400 "A simple HTTP request was sent to an HTTPS port"

I run the Sinatra app behind the passenger / nginx. I am trying to get it to answer http and https calls. The problem is that when both are defined on the server block, https requests respond normally, but http gives 400 "A simple HTTP request was sent to the HTTPS port." This is for a static page, so I assume that Sinatra has nothing to do with it. Any ideas on how to fix this?

Here is the server block:

server { listen 80; listen 443 ssl; server_name localhost; root /home/myhome/app/public; passenger_enabled on; ssl on; ssl_certificate /opt/nginx/ssl_keys/ssl.crt; ssl_certificate_key /opt/nginx/ssl_keys/ssl.key; ssl_protocols SSLv3 TLSv1; ssl_ciphers HIGH:!aNULL:!MD5; location /static { root /home/myhome/app/public; index index.html index.htm index.php; } error_page 404 /404.html; # redirect server error pages to the static page /50x.html error_page 500 /500.html; access_log /home/myhome/app/logs/access.log; error_log /home/myhome/app/logs/error.log; }

+104

nginx

Johnny Jan 07 '12 at 10:21

source share

9 answers

The above answers are incorrect in that the majority of polls of the “this HTTPS connection” test allow serving pages via http regardless of the connection security.

Secure response using the error page at the specific NGINX http 4xx URL to redirect the client to repeat the same https request. (as described here https://serverfault.com/questions/338700/redirect-http-mydomain-com12345-to-https-mydomain-com12345-in-nginx )

The OP should use:

 server { listen 12345; server_name php.myadmin.com; root /var/www/php; ssl on; # If they come here using HTTP, bounce them to the correct scheme error_page 497 https://$host:$server_port$request_uri; [....] }

+30

Michael J. Evans Sep 26

source share

The error actually says it. Your configuration tells Nginx to listen on port 80 (HTTP) and use SSL. When you point the browser to http://localhost , it tries to connect via HTTP. Since Nginx expects SSL, it complains about the error.

The workaround is very simple. You need two server sections:

 server { listen 80; // other directives... } server { listen 443; ssl on; // SSL directives... // other directives... }

+17

Alexander Azarov Jan 07 2018-12-12T00:

source share

I had the same problem, I have the same configuration as your example, and I got it by deleting the line:

ssl on;

To quote a document:

If the HTTP and HTTPS servers are equal, one server that processes HTTP and HTTPS requests can be configured by removing the "ssl on" directive and adding the ssl parameter for the port: 443

+12

Remiz Nov 22 '12 at 16:33

source share

According to the wikipedia article on status codes . Nginx has its own error code when HTTP traffic is sent to the https port (error code 497)

And according to the nginx docs on the error_page, you can specify the URI to be shown for a particular error.
Thus, we can create a uri to which clients will be sent when error code 497 is raised.

nginx.conf

 #lets assume your IP address is 89.89.89.89 and also #that you want nginx to listen on port 7000 and your app is running on port 3000 server { listen 7000 ssl; ssl_certificate /path/to/ssl_certificate.cer; ssl_certificate_key /path/to/ssl_certificate_key.key; ssl_client_certificate /path/to/ssl_client_certificate.cer; error_page 497 301 =307 https://89.89.89.89:7000$request_uri; location / { proxy_pass http://89.89.89.89:3000/; proxy_pass_header Server; proxy_set_header Host $http_host; proxy_redirect off; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-Protocol $scheme; } }

However, if the client makes a request using any method other than GET, this request will be passed to GET. Thus, to save the request method through which the client came through; we use error handling redirection, as shown in nginx docs on the error_page page

And so we use 301 =307 redirection.

Using the nginx.conf file shown here, we can connect HTTP and https to the same port

+11

Komu Feb 04 '15 at 13:56 on

source share

Below is an example of HTTP and HTTPS configuration in the same configuration block with ipv6 support. The configuration is tested on Ubuntu server and NGINX / 1.4.6 , but this should work with all servers.

 server { # support http and ipv6 listen 80 default_server; listen [::]:80 default_server ipv6only=on; # support https and ipv6 listen 443 default_server ssl; listen [::]:443 ipv6only=on default_server ssl; # path to web directory root /path/to/example.com; index index.html index.htm; # domain or subdomain server_name example.com www.example.com; # ssl certificate ssl_certificate /path/to/certs/example_com-bundle.crt; ssl_certificate_key /path/to/certs/example_com.key; ssl_session_timeout 5m; ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers "HIGH:!aNULL:!MD5 or HIGH:!aNULL:!MD5:!3DES"; ssl_prefer_server_ciphers on; }

Do not enable ssl on , which may cause a 400 error. The configuration above should work for

http://example.com
http://www.example.com
https://example.com
https://www.example.com

Hope this helps!

+7

Madan Sapkota Jan 01 '15 at 4:32

source share

You can actually do this with

 ssl off;

This solved my problem when using nginxvhosts; Now I can use both SSL and simple HTTP. Works even with combo ports.

+4

rapan iosif Feb 20 '12 at 17:02

source share

if phpmyadmin add is used: fastcgi_param HTTPS on;

+4

Rodrigo Gregorio Mar 31 2018-12-12T00:

source share

Link https://serversforhackers.com/c/redirect-http-to-https-nginx

i had similar problems like

http://www.example.com giving 400 error The plain HTTP request was sent to HTTPS but

if I type https://www.example.com, it worked fine,

I wanted slove to redirect http to https automatically when the user enters http://www.example.com

decision

I made two server blocks, one for port 80, and the other for SSL 443 in a port 80 block, following the procedure below

 server { listen 80; server_name example.com, www.example.com; return 301 https://$host$request_uri; }

and another server block for port 443 for ssl configuration

 server { location = /favicon.ico { access_log off; log_not_found off; } listen [::]:443 ipv6only=on default_server ssl; listen 443 ssl; ssl on; ssl_certificate /home/hemanth/examp_com/example.crt; ssl_certificate_key /home/hemanth/ssl/example.com.key; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH'; # add here the ip address of your server # or a domain pointing to that ip (like example.com or www.example.com) server_name www.example.com; // continure rest code... }

0

Hemanth SP Mar 08 '19 at 4:15

source share

bobojam · Accepted Answer · 2012-01-10 22:53

I had a similar problem. It runs on one server and does not work on another server with the same Nginx configuration. Found a solution to which Igor answered here http://forum.nginx.org/read.php?2,1612,1627#msg-1627

Yes. Or you can combine SSL / non-SSL servers on one server:

 server { listen 80; listen 443 default ssl; # ssl on - remember to comment this out }

Working with nginx 400 "A simple HTTP request was sent to an HTTPS port"

nginx.conf

More articles: