Nginx+tomcat https 配置

** 证书位置
crt /ca/server.crt;
key /ca/server.key;
# Server 80 表示http,通过httpstatus 301 强制跳转⾄至https
server {
listen 80 ;
server_name xxx.zgxcw.com;
location / {
return 301 https://$host$request_uri;
}
error_page 404 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
server {
listen 443 ;
server_name xxx.zgxcw.com;
access_log logs/xxx443.zgxcw.com.log access ;
error_log logs/xxx443.zgxcw.com_error.log;
ssl on;
ssl_certificate /ca/server.crt;
ssl_certificate_key /ca/server.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EX
P;
ssl_prefer_server_ciphers on;
location / {
proxy_pass http://tom_xxx ;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
}
error_page 404 500 502 503 504 /50x.html;
location = /50x.html {
nginx+tomcat https 配置
nginx https配置

root html;
}
nginx 配置ssl之后，会发现tomcat 接收到请求依然是http，然后在
sendRedircet,getSchame⽅方法中获取的schame依然是http，或导致应⽤用程序会有莫名错误
tomcat 安装⽬目录下 conf/server.xml 新增 org.apache.catalina.valves.RemoteIpValve 节点
nginxip1|nginxip2 是nginx服务器器的ip
<Engine name="Catalina" defaultHost="localhost">
<Realm className="org.apache.catalina.realm.LockOutRealm">
<Realm className="org.apache.catalina.realm.UserDatabaseRealm"
resourceName="UserDatabase"/>
</Realm>
<Host name="localhost" appBase="webapps"
unpackWARs="true" autoDeploy="true">
<Valve className="org.apache.catalina.valves.RemoteIpValve"
internalProxies="nginxip1|nginxip2"
remoteIpHeader="x-forwarded-for"
protocolHeader="x-forwarded-proto"
protocolHeaderHttpsValue="https"
/>
<Valve className="org.apache.catalina.valves.AccessLogValve" directo
ry="logs"
prefix="localhost_access_log." suffix=".txt"
pattern="%h %l %u %t "%r" %s %b" />
</Host>
</Engine>
jira安装⽬目录 conf/server.xml Engine节点下新增如下节点
<Valve className="org.apache.catalina.valves.RemoteIpValve"
internalProxies="nginxip"
remoteIpHeader="x-forwarded-for"
protocolHeader="x-forwarded-proto"
protocolHeaderHttpsValue="https"
/>
tomcat 配置
jira 升级https配置

Nginx+tomcat https 配置

More Related Content

What's hot (20)

Viewers also liked (20)

Similar to Nginx+tomcat https 配置 (20)

More from 诸葛修车网-诸葛商城 (7)

Recently uploaded (20)

Nginx+tomcat https 配置