参考:https://blog.csdn.net/qq_27114677/article/details/77848078
在使用tomcat+nginx时,如果是nginx代理https请求,可能会出现页面可以访问,但是无法加载js和css,这是由于nginx代理https,而nginx和tomcat之间是http,会报:The page at ‘https://XXX’ was loaded over HTTPS, but requested an insecure…
让tomcat知道nginx发来的是http还是https。默认情况下,nginx得到的https的访问会以http的方式发给负载的tomcat。
一、如果让tomcat知道是https的,需要如下配置
(1)配置 Nginx 的转发选项:
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
server {
listen 443 ssl;
server_name test*******.com;
ssl on;
ssl_certificate /etc/nginx/cart/25893*****.com.pem;
ssl_certificate_key /etc/nginx/cart/25893*********.com.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
proxy_pass http://test360*********m:8080; #注:建议这里配置端口号;否则必须是80端口
# 新增代码块
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
(2)配置Tomcat server.xml 的 Engine 模块下配置一个 Value:
<Valve className=“org.apache.catalina.valves.RemoteIpValve”
remoteIpHeader=“X-Forwarded-For” protocolHeader=“X-Forwarded-Proto”
protocolHeaderHttpsValue=“https”/>
配置双方的 X-Forwarded-Proto 就是为了正确地识别实际用户发出的协议是 http 还是 https。
X-Forwarded-For 是为了获得实际用户的 IP。
另一方法
若jsp加载样式标签为如下所示:
<%
String path = request.getContextPath();
String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";
%>
<link rel="<%basePath%>stylesheet" href="static/ace/css/datepicker.css" />
可修改为:
<%
String path = request.getContextPath();
String basePath = path+"/";
%>
<link rel="<%basePath%>stylesheet" href="static/ace/css/datepicker.css" />
只保留 如上所示,地址自动识别是http还是https。