下面的配置项完成了,nginx监听的80端口必须使用https协议头。Nginx做反向代理指向了一个端口为8080的tomcat,此tomcat没有做ssl.
而且访问https://domain不带80端口
效果如下:
对应的nginx配置如下:
server {
listen 443 ssl;
server_name pt.benpaogg.com;
ssl on;
ssl_certificate/home/ssl/1_pt.benpaogg.com_bundle.crt; (公钥证书)
ssl_certificate_key/home/ssl/pt.benpaogg.com.key; (私钥证书)
ssl_session_timeout 5m;
ssl_session_cache shared:SSL:1m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
proxy_passhttp://pt.benpaogg.com;
proxy_set_header X-Real-IP$remote_addr;
client_max_body_size 100m;
}
}
upstream pt.benpaogg.com {
server ipaddress:8080;
}