后端tomcat不开启https，用nginx反向代理使网站同时支持http和https协议总结

网站架构如下：

1、修改nginx配置文件，注释处都是修改要注意的地方

        listen       80;
        listen       443 ssl;#添加ssl支持
        server_name  localhost;

        #ssl                  on;#不要开启，否则只能用https,访问http会报nginx 400错误
        ssl_certificate      1_sd.com_bundle.crt; #文件放在conf目录下
        ssl_certificate_key  2_sd.com.key; #文件放在conf目录下
        ssl_session_timeout  5m;
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on;

        location ~ .*\.(php|jsp|cgi|page|action|service|do|ajax|html|htm)?$ {
            proxy_set_header   Host             $host:80;  
            proxy_set_header X-Forwarded-For $remote_addr;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-Proto  $scheme; #反向代理时透传给后端tomcat，用户使访问协议，tomcat后面也需要添加配置接收此参数
	   				
            proxy_pass http://backend_server;
            proxy_redirect http:// $scheme://; #防止redirect跳回http
            expires   1s;
            add_header Cache-Control maxage=1;
            add_header Pragma public;
        }   

2、修改tomcat配置文件server.xml，接收nginx透传过来的协议类型

<Valve className="org.apache.catalina.valves.RemoteIpValve"  
				remoteIpHeader="X-Forwarded-For"  
				protocolHeader="X-Forwarded-Proto"  
				protocolHeaderHttpsValue="https"/>