nginx反向代理 强制https请求 + 非root用户起80,443端口

dev环境 http强制跳转https

    server{
        listen 80;
        server_name wltx.12355.net;
        rewrite ^/(.*)$ https://wltx.123.net:443/$1 permanent;
    }

    server {
        listen       443 ssl;
        
        server_name  localhost wltx.123.net;
        ssl_certificate   /opt/nginxssl/12355net.pem;#ssl证书，把ssl证书放cert目录下，cert在nginx的conf目录下
        ssl_certificate_key  /opt/nginxssl/1445net.key;#ssl证书key
        ssl_session_timeout 5m;
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers on;

    gzip on;
    gzip_min_length 1k;
    gzip_buffers 4 16k;
    gzip_types  text/plain  text/css application/x-javascript text/xml application/javascript application/json application/xml application/html;
    gzip_static on;
        gzip_vary on;

参考：https://blog.csdn.net/gwdgwd123/article/details/109203550

 

1.

#强制使用https跳转

 return 301    https://$server_name$request_uri;
rewrite ^(.*)$ https://${server_name}$1 permanent;

http://www.cnblogs.com/bass6/p/7606965.html

2.

使用setcap

在root用户下执行命令：

1	#setcap cap_net_bind_service=+eip ./nginx

提示：注意文件的颜色变化

 

参考： https://www.cnblogs.com/chenjunjie12321/p/9226279.html