修改之前,nginx的配置如下:
upstream local_tomcat_wechat{
server 127.0.0.1:80 weight=2 fail_timeout=1s;
}
server {
listen 443;
server_name www.xxxx.com;
error_log /nginx/log/www.xxxx.com.error.log warn;
ssl on;
ssl_certificate /nginx/nginxcert/xxxxxx.pem;
ssl_certificate_key /nginx/nginxcert/xxxxxx.key;
#ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
location /MyProject/{
proxy_next_upstream error timeout http_503 http_502 http_504 invalid_header;
proxy_pass http://local_tomcat_wechat/MyProject/;
proxy_set_header Host $host:80;
index index.html index.htm;
}
location ~ ^/(WEB-INF)/ {
deny all;
}
}
修改之后变为:
upstream local_tomcat_wechat{
server 127.0.0.1:80 weight=2 fail_timeout=1s;
}
server {
listen 443;
server_name www.xxxx.com;
error_log /nginx/log/www.xxxx.com.error.log warn;
ssl on;
ssl_certificate /nginx/nginxcert/xxxxxx.pem;
ssl_certificate_key /nginx/nginxcert/xxxxxx.key;
#ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
location /MyProject/{
proxy_next_upstream error timeout http_503 http_502 http_504 invalid_header;
proxy_pass http://local_tomcat_wechat/MyProject/;
proxy_redirect http:// https://;
add_header Cache-Control no-store;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
index index.html index.htm;
}
location ~ ^/(WEB-INF)/ {
deny all;
}
}
主要是标红部分的内容。
除了修改nginx的配置之外,还修改了tomcat的server.xml,在Engine的HOST标签内添加
<Valve className="org.apache.catalina.valves.RemoteIpValve" remoteIpHeader="X-Forwarded-For" protocolHeader="X-Forwarded-Proto" protocolHeaderHttpsValue="https"/>
根据网上参考资料说的,到此应该就可以了,我顺手把tomcat的server.xml里面的Connector的redirectPort改为了443。
然后测试没有问题了。至于要不要改443,可以留给大家验证下吧。
参考资料:
http://blog.sina.com.cn/s/blog_56d8ea900101hlhv.html
https://www.cnblogs.com/lvjijun/p/11320276.html