配置状态:nginx SSL + http tomcat
2、修改nginx配置【验证后发现,可以不用配置】
现象:当应用中存在redirect或者使用以下语句生成的URL路径时scheme和端口号都不正确的问题
String basePath = request.getScheme() + "://"+ request.getServerName() + ":"+ request.getServerPort()+ request.getRequestURI();
例如拼接URL得到的链接为
http://txs.tydevice.com:80/xxxxxx
redirect的连接为
http://txs.tydevice.com/xxxx
解决:
处理scheme不正确的解决
一、t
omcat server.xml在host节点增加
1
<Valve className="org.apache.catalina.valves.RemoteIpValve" remoteIpHeader="x-forwarded-for" remoteIpProxiesHeader="x-forwarded-by" protocolHeader="x-forwarded-proto" />
二、跳转链接配置,有两种方法
1、修改tomcat,在connector增加proxyPort=443,
redirectPort
=443
1
<Connector port="8089" protocol="HTTP/1.1"
2
connectionTimeout="20000" URIEncoding="UTF-8"
3
redirectPort="443" proxyPort="443" /> -->
这种方法仅适用所有访问tomcat应用均为443端口的应用,否则会导致所有请求该端口的应用,redirect均会跳转到443端口上,类似下图
![](index_files/74ff92ab-c98e-41af-8c7e-ffaacc943049.png)
开启proxy_redirect跳转至对应端口
1
location ^~ /client {
2
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
3
proxy_set_header Host $http_host;
4
proxy_set_header X-Forwarded-Proto https;
5
proxy_connect_timeout 240;
6
proxy_send_timeout 240;
7
proxy_read_timeout 240;
8
# note, there is not SSL here! plain HTTP is used
9
proxy_pass http://salesdev;
10
proxy_redirect http://txs.tydevice.com:80/ https://txs.tydevice.com/;
11
#access_log logs/access-api.log app_log;
12
}
![](index_files/4114d550-ab1d-432b-8de8-72760622fbb4.png)
如果要解决http redirect端口号不正确的问题,修改nginx配置,
其中的proxy_set_header Host $host:$server_port; 这一行非常关键。
1
location / {
2
add_header Access-Control-Allow-Origin *;
3
add_header Access-Control-Allow-Headers X-Requested-With;
4
add_header Access-Control-Allow-Methods GET,POST,OPTIONS;
5
root /opt/tydevice;
6
index index;
7
proxy_pass http://salesdev;
8
#proxy_redirect http://txs.tydevice.com/ http://txs.tydevice.com:9081 ;
9
#proxy_set_header Host $host;
10
proxy_set_header Host $host:$server_port;
11
proxy_set_header X-Real-IP $remote_addr;
12
proxy_set_header REMOTE-HOST $remote_addr;
13
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
14
client_max_body_size 50m;
15
client_body_buffer_size 10m;
16
proxy_connect_timeout 30;
17
proxy_send_timeout 30;
18
proxy_read_timeout 60;
19
proxy_buffer_size 256k;
20
proxy_buffers 4 256k;
21
proxy_busy_buffers_size 256k;
22
proxy_temp_file_write_size 256k;
23
proxy_next_upstream error timeout invalid_header http_500 http_503 http_404;
24
proxy_max_temp_file_size 128m;
25
}