time: 2017-03-29 18:27
使用nginx作为请求跳转,由nginx接收https请求后,nginx以http向tomcat请求资源,将返回信息通过https加密后传递到客户端,
nginx配置:
server {
listen 443;
server_name pay.xsugar.cn; #填写绑定证书的域名
ssl on;
ssl_certificate /web/ssl/1_www.cn_bundle.crt;
ssl_certificate_key /web/ssl/2_www.cn.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; #按照这个协议配置
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;#按照这个套件配置
ssl_prefer_server_ciphers on;
location / {
proxy_pass http://localhost:8080;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $http_x_forwarded_for;
}
}
tomcat按常规配置即可,
当tomcat端需要判定访问来源是https时,需要修改conf/server.xml文件中Engine节点,在Engine节点里添加<Valve className="org.apache.catalina.valves.RemoteIpValve" remoteIpHeader="X-Forwarded-For" protocolHeader="X-Forwarded-Proto" protocolHeaderHttpsValue="https" httpsServerPort="80"/> ,这时tomcat端接收到的请求就是https了。
记录开发过程中的点滴!