Determining whether an API supports HTTPS, and the requirement to upgrade from HTTP to HTTPS
1. The following responses show an API that supports only HTTP, not HTTPS.
http://myapi.mytest.com:8081/pinganzong/getCity
{"resCode":"999999","resMsg":"系统异常","data":null}
https://myapi.mytest.com:8081/pinganzong/getCity
ERR_SSL_PROTOCOL_ERROR
http://myapi.mytest.com:8888/HRM3_WEB_AOTU/AotuPA/addorder
HTTP Status 500 -
https://myapi.mytest.com:8888/HRM3_WEB_AOTU/AotuPA/addorder
ERR_SSL_PROTOCOL_ERROR
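2. If the API supports only HTTPS (an SSL certificate must be configured) and not HTTP, a request to the http:// URL returns this error message:
400 Bad Request The plain HTTP request was sent to HTTPS port stgw
3. Postman request: an HTTPS API can be accessed directly in a browser.
HTTPS request demo: https://apis.map.qq.com/ws/district/v1/list?key=XXXX
4. Test process: the conclusion is that HTTPS is not supported.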
# Force TLS 1.2
curl -X POST -H "Content-Type: application/json" -d '{"sign":"hah"}' "https://myapi.mytest.com:8081/public/pinganzong/getCity" --tlsv1.2
# Or try TLS 1.1
curl -X POST -H "Content-Type: application/json" -d '{"sign":"hah"}' "https://myapi.mytest.com:8081/public/pinganzong/getCity" --tlsv1.1
# Enable verbose output to see the SSL handshake
curl -X POST -H "Content-Type: application/json" -d '{"sign":"hah"}' "https://myapi.mytest.com:8081/public/pinganzong/getCity" -v
# Test the HTTP connection (if supported)
curl -X POST -H "Content-Type: application/json" -d '{"sign":"hah"}' "http://myapi.mytest.com:8081/public/pinganzong/getCity"
# Test with wget
wget --no-check-certificate -O- "https://myapi.mytest.com:8081/public/pinganzong/getCity"
[root@VM-1-84-centos /]$curl -X POST -H "Content-Type: application/json" -d '{"sign":"hah"}' "https://myapi.mytest.com:8081/public/pinganzong/getCity" --tlsv1.2
curl: (35) SSL received a record that exceeded the maximum permissible length.
[root@VM-1-84-centos /]$curl -X POST -H "Content-Type: application/json" -d '{"sign":"hah"}' "https://myapi.mytest.com:8081/public/pinganzong/getCity" --tlsv1.1
curl: (35) SSL received a record that exceeded the maximum permissible length.
[root@VM-1-84-centos /]$
[root@VM-1-84-centos /]$curl -X POST -H "Content-Type: application/json" -d '{"sign":"hah"}' "https://myapi.mytest.com:8081/public/pinganzong/getCity" -v
* About to connect() to myapi.mytest.com port 8081 (#0)
* Trying 175.XX.192.XX...
* Connected to myapi.mytest.com (175.XX.192.XX) port 8081 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* NSS error -12263 (SSL_ERROR_RX_RECORD_TOO_LONG)
* SSL received a record that exceeded the maximum permissible length.
* Closing connection 0
curl: (35) SSL received a record that exceeded the maximum permissible length.
[root@VM-1-84-centos /]$curl -X POST -H "Content-Type: application/json" -d '{"sign":"hah"}' "http://myapi.mytest.com:8081/public/pinganzong/getCity"
{"resCode":"-1","resMsg":"签名有误"}
[root@VM-1-84-centos /]$
[root@VM-1-84-centos /]$
[root@VM-1-84-centos /]$wget --no-check-certificate -O- "https://myapi.mytest.com:8081/public/pinganzong/getCity"
--2025-10-28 15:15:15-- https://myapi.mytest.com:8081/public/pinganzong/getCity
Resolving myapi.mytest.com (myapi.mytest.com)... 175.XX.192.XX
Connecting to myapi.mytest.com (myapi.mytest.com)|175.XX.192.XX|:8081... connected.
OpenSSL: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
Unable to establish SSL connection.
5. Configuration demo
server {
    listen 443 ssl;
    server_name yourdomain.com;
    ssl_certificate /path/to/your/certificate.pem;
    ssl_certificate_key /path/to/your/private.key;
    ssl_session_timeout 5m;
    ssl_protocols TLSv1.2;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
    ssl_prefer_server_ciphers on;
    # other configuration...
}
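6. Obtaining an SSL certificate
An SSL certificate is the foundation of an HTTPS configuration. The main types are:
DV certificate: suited to personal sites; validates only domain ownership
OV certificate: suited to corporate websites; requires validation of the organization's credentials
EV certificate: suited to e-commerce, finance and other sites with higher security requirements
Free or paid certificates can be requested from cloud providers (such as Alibaba Cloud or Tencent Cloud); free certificates are typically valid for 3 months.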
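7. Complete migration process
1. Request and install the certificate: choose a suitable certificate type and deploy it to the server
2. Configure a 301 redirect: make sure all HTTP traffic is permanently redirected to HTTPS
3. Update internal links: change every hard-coded HTTP link on the site to HTTPS
4. Submit the update to search engines: update the site property in Google Search Console and Baidu Webmaster Platform
5. Update external links: notify third parties in advance. Ideally, support both HTTP and HTTPS at the same time; if that is not possible, agree on a date and switch to HTTPS access together.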