Is it possible to set same port work with http and https?
Solution 1
No, it's not possible to run HTTP and HTTPS on the same port.
When using HTTPS the connection uses the SSL/TLS protocol from the very start. There is no possibility for the client to start transmitting using plain HTTP.
The SSL/TLS standard doesn't provide for a way to drop back to HTTP if plaintext communication is detected on the port.
Solution 2
I don't know how they did it, but the developers in my company did exactly what @thomasrutter says you can't do: We use a non standard TCP port (so not 80, nor 443) e.g. 8080 and on that port if you send a http request it redirects you to https on the same port 8080. They did it with nginx and did not achieve this with apache2!
Edit: does seem to do it in nginx with a 497 error code and your browser does the rest: https://ma.ttias.be/force-redirect-http-https-custom-port-nginx/
Nullpointer
Updated on September 18, 2022
Comments
- Nullpointer almost 2 years:
  I've nodejs application which port number is `3001` and this app working with http but not work with https. On apache server, set the reverse proxy for `80` or `443` to `5001` and set reverse proxy for 3001 also.
  http://<domain>:3001/socket.io/socket.js ---> Work
  https://<domain>:3001/socket.io/socket.js ---> Not Work (Secure Connection Failed or This site can’t be reached)
  Here I need to know same port (`3001`) is work with `http` and `https`? Any solution for that?
- pa4080 over 7 years: I'm not familiar with nodejs apps, but in all cases you can use `stunnel4` to redirect http to https.
- Nullpointer over 7 years: but our requirement is to work both http and https so redirect not option for me :) In general case it is possible?
- pa4080 over 7 years: If http port is open in the firewall, it will be accessible.
- Nullpointer over 7 years: Port 80, 443 and 3001 are open to all but second https url which not work as above
- pa4080 over 7 years: I will write an answer and if you want you can try it.
- Nullpointer over 7 years: @SpasSpasov Sure Man
- Nullpointer over 7 years: Let us continue this discussion in chat.
- user.dz over 7 years: Please, avoid cross posting (serverfault.com/questions/820621/…). Have you checked these similar posts from SO: stackoverflow.com/questions/22453782/…, stackoverflow.com/questions/15313308/…
- Nullpointer over 7 years: @user.dz i check above url it contains coding level and haproxy solution but i need to change on apache server only
- Nullpointer over 7 years: So that developer set another port 9001 for https and 3001 for http, Now issue is that http+3001 working fine. using https+9001 url working directly. Can we redirect https+3001->9001 using apache2 proxy?
- thomasrutter over 7 years: You would not be able to run both the redirect and the HTTP service on port 3001. You can't listen for both HTTP and HTTPS on the same port regardless of what your internal setup is.
- Nullpointer over 7 years: Can we do like if https+3001 --> 9001 redirect before the apache server and for http not changes. here my case 3001 port common for http and https (able to open https+9001 URL working fine).
- pa4080 over 7 years: If `https` working properly, why you need `http`?
- Nullpointer over 7 years: No, http working properly but https not because same port(3001), requirements is to work both, pls suggest me ones more
- thomasrutter over 7 years: No unfortunately you cannot do as suggested a couple of comments ago. At the level of network communication where you would need to redirect a port, you would not know whether HTTP or HTTPS is being used yet. While you might be able to buffer and sniff the data, it would be both complicated and affect security.
- Sara over 4 years: You absolutely can do this if you write the http(s) server. It's very easy to distinguish a TLS client handshake "hello" from a plaintext HTTP request, you only need to inspect the first byte (== 0x16 (TLS) or not). However, it would be difficult or impossible to combine that with most HTTP server implementations, as they don't typically allow you to pass them existing connections and buffers. The more important question is why would you want to do this, it's not generally a good idea.
- bessarabov over 4 years: If it is not possible how does this nodejs library do it? github.com/mscdex/httpolyglot
- thomasrutter over 4 years: Well that looks like a pretty neat solution. It would have to remember state enough that communication could continue, and I imagine a client would not be able to mix HTTP and HTTPS requests to the same server
- thomasrutter almost 3 years: It's impossible to do it at the network layer, ie without integrating the functionality into your TLS wrapper code (or deep inspection of same with buffering). If you do have the ability to integrate this functionality into your TLS code, to detect an incoming conversation that's not a valid handshake to see if it's plain HTTP, then yes. It's a kludge, whose security implications I haven't fully thought through, but it's doable at that layer. In your case, if the only possible HTTP interaction is a redirect to HTTPS, then at first glance I can't see any security issue.
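
The first-byte check from the comments (0x16 means a TLS handshake record) combined with the "plaintext only ever gets a redirect" restriction, as an added example that is not code from the thread or from httpolyglot. It goes beyond the single-byte test by also checking the TLS record header and the HTTP method token; the function names, the host allow-list and `app.example.test` are assumptions, and the sample inputs are constructed.

```javascript
// Added example, not from the thread. Inputs are constructed; nothing touches the network.
const HTTP_METHODS = ['GET', 'HEAD', 'POST', 'PUT', 'DELETE', 'OPTIONS', 'PATCH', 'CONNECT', 'TRACE'];

// Classify the bytes received so far: 'tls', 'http', 'need-more' or 'unknown'.
function classifyFirstBytes(buf) {
  if (buf.length === 0) return 'need-more';
  if (buf[0] === 0x16) {
    // TLS record header: content type (1), version (2), length (2); then handshake type (1).
    if (buf.length < 6) return 'need-more';
    const versionOk = buf[1] === 0x03 && buf[2] <= 0x04;
    const recordLen = buf.readUInt16BE(3);
    const lengthOk = recordLen > 0 && recordLen <= 16384; // 2^14 plaintext record limit
    const isClientHello = buf[5] === 0x01;
    return versionOk && lengthOk && isClientHello ? 'tls' : 'unknown';
  }
  const sp = buf.indexOf(0x20);
  const head = buf.subarray(0, sp === -1 ? buf.length : sp).toString('latin1');
  if (sp === -1) {
    // No space yet: keep waiting only while the bytes are still a prefix of a known method.
    return HTTP_METHODS.some((m) => m.startsWith(head)) ? 'need-more' : 'unknown';
  }
  return HTTP_METHODS.includes(head) ? 'http' : 'unknown';
}

// The only answer plaintext clients get: a redirect to HTTPS on the same port.
// The Host header is checked against an allow-list so the Location value cannot be
// steered to another site, and the target must be a plain origin-form path.
function redirectResponse(requestHead, port, allowedHosts) {
  const lines = requestHead.split('\r\n');
  const target = lines[0].split(' ')[1] || '/';
  const hostLine = lines.find((l) => /^host:/i.test(l)) || '';
  const host = hostLine.slice(5).trim().split(':')[0].toLowerCase();
  if (!allowedHosts.includes(host) || !/^\/[\x21-\x7e]*$/.test(target)) {
    return 'HTTP/1.1 400 Bad Request\r\nConnection: close\r\nContent-Length: 0\r\n\r\n';
  }
  return 'HTTP/1.1 301 Moved Permanently\r\n' +
    `Location: https://${host}:${port}${target}\r\n` +
    'Connection: close\r\nContent-Length: 0\r\n\r\n';
}
```

Connections classified as `unknown` are best closed without a reply, so the port answers only a well-formed ClientHello or a recognisable HTTP request line.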