Nginx+tomcat https 配置

50 %
50 %
Information about Nginx+tomcat https 配置

Published on January 4, 2017

Author: suntao86

Source: slideshare.net

1. ** 证书位置 crt /ca/server.crt; key /ca/server.key; # Server 80 表示http,通过httpstatus 301 强制跳转⾄至https server { listen 80 ; server_name xxx.zgxcw.com; location / { return 301 https://$host$request_uri; } error_page 404 500 502 503 504 /50x.html; location = /50x.html { root html; } } server { listen 443 ; server_name xxx.zgxcw.com; access_log logs/xxx443.zgxcw.com.log access ; error_log logs/xxx443.zgxcw.com_error.log; ssl on; ssl_certificate /ca/server.crt; ssl_certificate_key /ca/server.key; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EX P; ssl_prefer_server_ciphers on; location / { proxy_pass http://tom_xxx ; proxy_set_header X-Forwarded-Proto https; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto https; } error_page 404 500 502 503 504 /50x.html; location = /50x.html { nginx+tomcat https 配置 nginx https配置

2. root html; } nginx 配置ssl之后,会发现tomcat 接收到请求依然是http,然后在 sendRedircet,getSchame⽅方法中获取的schame依然是http,或导致应⽤用程序会有莫名错误 tomcat 安装⽬目录下 conf/server.xml 新增 org.apache.catalina.valves.RemoteIpValve 节点 nginxip1|nginxip2 是nginx服务器器的ip <Engine name="Catalina" defaultHost="localhost"> <Realm className="org.apache.catalina.realm.LockOutRealm"> <Realm className="org.apache.catalina.realm.UserDatabaseRealm" resourceName="UserDatabase"/> </Realm> <Host name="localhost" appBase="webapps" unpackWARs="true" autoDeploy="true"> <Valve className="org.apache.catalina.valves.RemoteIpValve" internalProxies="nginxip1|nginxip2" remoteIpHeader="x-forwarded-for" protocolHeader="x-forwarded-proto" protocolHeaderHttpsValue="https" /> <Valve className="org.apache.catalina.valves.AccessLogValve" directo ry="logs" prefix="localhost_access_log." suffix=".txt" pattern="%h %l %u %t &quot;%r&quot; %s %b" /> </Host> </Engine> jira安装⽬目录 conf/server.xml Engine节点下新增如下节点 <Valve className="org.apache.catalina.valves.RemoteIpValve" internalProxies="nginxip" remoteIpHeader="x-forwarded-for" protocolHeader="x-forwarded-proto" protocolHeaderHttpsValue="https" /> tomcat 配置 jira 升级https配置

Add a comment