By deeply optimizing the protocol stack and server, Tencent Cloud CLB achieves great improvement in HTTPS performance. Meanwhile, Tencent Cloud substantially reduces certificate costs through collaboration with international certificate authorities. CLB can bring significant benefits to your business in the following aspects:
CLB acts as a proxy for HTTPS. Both HTTP and HTTPS requests become HTTP requests when forwarded to a backend CVM instance by CLB. In this case, you cannot distinguish whether a frontend request is in HTTP or HTTPS.
CLB implants X-Client-Proto
into the header when it forwards the request to the real server:
X-Client-Proto: http (HTTP request on the frontend)
X-Client-Proto: https (HTTPS request on the frontend)
Assume that you need to configure the website https://example.com
, so that end users can visit it securely over HTTPS when they directly enter www.example.com
in the browser.
In this case, the request for accessing www.example.com
entered by an end user will be forwarded as below:
The request is transferred over HTTP and accesses port 80 of the CLB listener through VIP. Then, it is forwarded to port 8080 of the real server.
With the configuration of rewrite in Nginx on the real server, the request passes through port 8080 and is rewritten to the https://example.com
page.
Then, the browser sends the https://example.com
request to the corresponding HTTPS site again. The request accesses port 443 of the CLB listener through VIP and then is forwarded to port 80 of the real server.
At this point, the request forwarding process is completed.
This operation rewrites a browser user's HTTP request to a more secure HTTPS request and is imperceptible to the user. To implement the above request forwarding operation, you can configure the real server as follows:
server {
listen 8080;
server_name example.qcloud.com;
location / {
#! customized_conf_begin;
client_max_body_size 200m;
rewrite ^/.(.*) https://$host/$1 redirect;
}
}
Alternatively, in the new version of Nginx, redirect the Nginx HTTP page to the HTTPS page by using the recommended 301 redirection method:
server {
listen 80;
server_name example.qcloud.com;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl;
server_name example.qcloud.com;
[....]
}
Was this page helpful?