本文共 1887 字,大约阅读时间需要 6 分钟。
修改之前,nginx的配置如下:
upstream local_tomcat_wechat{
server 127.0.0.1:80 weight=2 fail_timeout=1s; } server { listen 443; server_name www.xxxx.com; error_log /nginx/log/www.xxxx.com.error.log warn; ssl on; ssl_certificate /nginx/nginxcert/xxxxxx.pem; ssl_certificate_key /nginx/nginxcert/xxxxxx.key; #ssl_session_cache shared:SSL:10m; ssl_session_timeout 10m; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; location /MyProject/{ proxy_next_upstream error timeout http_503 http_502 http_504 invalid_header; proxy_pass http://local_tomcat_wechat/MyProject/; proxy_set_header Host $host:80; index index.html index.htm; }location ~ ^/(WEB-INF)/ {
deny all; } }修改之后变为:
upstream local_tomcat_wechat{
server 127.0.0.1:80 weight=2 fail_timeout=1s; } server { listen 443; server_name www.xxxx.com; error_log /nginx/log/www.xxxx.com.error.log warn; ssl on; ssl_certificate /nginx/nginxcert/xxxxxx.pem; ssl_certificate_key /nginx/nginxcert/xxxxxx.key; #ssl_session_cache shared:SSL:10m; ssl_session_timeout 10m; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; location /MyProject/{ proxy_next_upstream error timeout http_503 http_502 http_504 invalid_header; proxy_pass http://local_tomcat_wechat/MyProject/; proxy_redirect http:// https://; add_header Cache-Control no-store; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; index index.html index.htm; }location ~ ^/(WEB-INF)/ {
deny all; } }主要是标红部分的内容。
除了修改nginx的配置之外,还修改了tomcat的server.xml,在Engine的HOST标签内添加
<Valve className="org.apache.catalina.valves.RemoteIpValve" remoteIpHeader="X-Forwarded-For" protocolHeader="X-Forwarded-Proto" protocolHeaderHttpsValue="https"/>
根据网上参考资料说的,到此应该就可以了,我顺手把tomcat的server.xml里面的Connector的redirectPort改为了443。
然后测试没有问题了。至于要不要改443,可以留给大家验证下吧。
参考资料:
转载地址:http://hmcdi.baihongyu.com/