Deploying a Java Web Application on Tomcat Behind an Nginx Reverse Proxy with HTTPS
1. The nginx conf is as follows:
upstream application {
    server localhost:8080;  # address where the Tomcat application is served
}
# Redirect http to https
server {
    listen 80;
    server_name www.xxxxx.com;  # domain name to be accessed
    location / {
        rewrite ^(.*)$ https://$host$1 last;
    }
}
# https configuration
server {
    listen 443 ssl;
    server_name www.xxxxx.com;  # domain name to be accessed
    ssl_certificate /usr/local/nginx/conf/conf.d/nginxca/1898004_www.xxxxx.com.pem;  # CA certificate issued via Alibaba Cloud
    ssl_certificate_key /usr/local/nginx/conf/conf.d/nginxca/1898004_www.xxxxx.com.key;  # key for the CA certificate issued via Alibaba Cloud
    ssl_session_timeout 5m;
    # TLSv1 and TLSv1.1 are deprecated (RFC 8996)
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;
    # 497: plain HTTP request sent to the HTTPS port; $request_uri keeps the "?" before the query string
    error_page 497 https://$host$request_uri;
    location / {
        proxy_pass http://application;  # name of the upstream block
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_redirect http:// $scheme://;  # rewrite http redirects from the backend to https
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        client_max_body_size 100m;
        root html;
        index index.jsp index.html;
    }
}
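Note that enabling https requires nginx to be built with SSL support.
If the SSL module is not enabled, see https://www.cnblogs.com/piscesLoveCc/p/6120875.html
2. Tomcat's server.xml
Add proxyPort="443" to the existing Connector configuration: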
<Connector port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443" proxyPort="443" URIEncoding="UTF-8" />
Add a Valve under the Host element:
<Valve className="org.apache.catalina.valves.RemoteIpValve"
remoteIpHeader="X-Forwarded-For"
protocolHeader="X-Forwarded-Proto"
protocolHeaderHttpsValue="https"/>
After making these changes, restart Tomcat and Nginx.
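How the X-Forwarded-For and X-Forwarded-Proto headers set in the nginx location block end up as the remote address and scheme the application sees, as an added example that is not part of the original post and not Tomcat's own code. It is a simplified Python model that assumes the valve's default internal-proxy ranges (approximated here as loopback, RFC 1918 and link-local); the function names are hypothetical and the addresses are constructed documentation addresses.

```python
import ipaddress

# Approximation of RemoteIpValve's default internalProxies ranges (assumption).
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12",
    "192.168.0.0/16", "169.254.0.0/16")]


def is_internal(addr):
    try:
        ip = ipaddress.ip_address(addr.strip())
    except ValueError:
        return False  # unparsable entries are never treated as trusted
    return any(ip in net for net in INTERNAL_NETS)


def nginx_forward(client_addr, client_headers, scheme):
    """Headers nginx sends upstream under the proxy_set_header lines above."""
    prior = client_headers.get("X-Forwarded-For")
    # $proxy_add_x_forwarded_for appends the peer to any client-sent value.
    xff = f"{prior}, {client_addr}" if prior else client_addr
    # X-Forwarded-Proto and X-Real-IP are overwritten, never passed through.
    return {"X-Forwarded-For": xff, "X-Forwarded-Proto": scheme,
            "X-Real-IP": client_addr}


def valve_resolve(peer_addr, headers):
    """Return (remote_addr, scheme) as the web application would see them."""
    if not is_internal(peer_addr):
        # Connection did not come from a trusted proxy: headers are ignored.
        return peer_addr, "http"
    remote = peer_addr
    raw = headers.get("X-Forwarded-For", "")
    entries = [e.strip() for e in raw.split(",") if e.strip()]
    # Walk right to left, skipping internal proxies; stop at the first
    # external entry, which is the one the nearest trusted hop appended.
    for entry in reversed(entries):
        remote = entry
        if not is_internal(entry):
            break
    proto = headers.get("X-Forwarded-Proto", "").lower()
    return remote, ("https" if proto == "https" else "http")


if __name__ == "__main__":
    # Constructed request: the client supplies its own X-Forwarded-For value.
    sent = nginx_forward("203.0.113.7",
                         {"X-Forwarded-For": "198.51.100.99"}, "https")
    print(sent["X-Forwarded-For"], "->", valve_resolve("127.0.0.1", sent))
```

Because the model only honours the headers when the connecting peer is a trusted proxy, it also shows why port 8080 should accept connections only from nginx.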