修改之前,nginx的配置如下:
upstream local_tomcat_wechat{
server 127.0.0.1:80 weight=2 fail_timeout=1s;
}
server {
listen 443;
server_name www.xxxx.com;
error_log /nginx/log/www.xxxx.com.error.log warn;
ssl on;
ssl_certificate /nginx/nginxcert/xxxxxx.pem;
ssl_certificate_key /nginx/nginxcert/xxxxxx.key;
#ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
location /MyProject/{
proxy_next_upstream error timeout http_503 http_502 http_504 invalid_header;
proxy_pass http://local_tomcat_wechat/MyProject/;
proxy_set_header Host $host:80;
index index.html index.htm;
}
location ~ ^/(WEB-INF)/ {
deny all;
}
}
修改之後變爲:
upstream local_tomcat_wechat{
server 127.0.0.1:80 weight=2 fail_timeout=1s;
}
server {
listen 443;
server_name www.xxxx.com;
error_log /nginx/log/www.xxxx.com.error.log warn;
ssl on;
ssl_certificate /nginx/nginxcert/xxxxxx.pem;
ssl_certificate_key /nginx/nginxcert/xxxxxx.key;
#ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
location /MyProject/{
proxy_next_upstream error timeout http_503 http_502 http_504 invalid_header;
proxy_pass http://local_tomcat_wechat/MyProject/;
proxy_redirect http:// https://;
add_header Cache-Control no-store;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
index index.html index.htm;
}
location ~ ^/(WEB-INF)/ {
deny all;
}
}
主要是標紅部分的內容。
除了修改nginx的配置之外,還修改了tomcat的server.xml,在Engine的HOST標籤內添加
<Valve className="org.apache.catalina.valves.RemoteIpValve" remoteIpHeader="X-Forwarded-For" protocolHeader="X-Forwarded-Proto" protocolHeaderHttpsValue="https"/>
根據網上參考資料說的,到此應該就可以了,我順手把tomcat的server.xml裏面的Connector的redirectPort改爲了443。
然後測試沒有問題了。至於要不要改443,可以留給大家驗證下吧。
參考資料:
http://blog.sina.com.cn/s/blog_56d8ea900101hlhv.html
https://www.cnblogs.com/lvjijun/p/11320276.html