nginx+tomcat 在nginx层配置http https 转成http到tomcat

最新推荐文章于 2023-05-27 11:10:32 发布

weixin_33970449

最新推荐文章于 2023-05-27 11:10:32 发布

阅读量93

点赞数

文章标签： java 运维 python

原文链接：https://my.oschina.net/u/3714931/blog/1583769

版权

2019独角兽企业重金招聘Python工程师标准>>>

遇到的问题：tomcat中的jsp页面拼接url

String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";

结果是协议为http，端口号为 https的端口号，导致静态资源加载、ajax请求失败。

nginx配置：

upstream ******{
           server 127.0.0.1:8680 weight=1 fail_timeout=600s;
           server 127.0.0.1:8980 weight=1;
    }

 server {
        listen       80;
        server_name *******;

        charset utf-8;

        #charset koi8-r;

        #access_log  logs/host.access.log  main;

        location / {
            #root   html;
            #index  index.html index.htm;
            #proxy_pass  **********;
                proxy_redirect off;
                proxy_set_header Host $host;
                proxy_set_header Host $host:80;
                #proxy_set_header X-Real-IP $remote_addr;
                #proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                client_max_body_size 10m;
                client_body_buffer_size 128k;
                proxy_connect_timeout 300;
                proxy_send_timeout 300;
                proxy_read_timeout 300;
                proxy_buffer_size 4k;
                proxy_buffers 4 32k;
                proxy_busy_buffers_size 64k;
                proxy_temp_file_write_size 64k;
        }

        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }

        access_log  logs/access_http.log;

    }

    server {
        listen       6443 ssl;
        server_name  **********;
        error_log /usr/local/nginx/logs/error_debug debug; 
        ssl_certificate      /usr/local/nginx/ssl/pn.crt;
        ssl_certificate_key  /usr/local/nginx/ssl/pn.key;
    
        ssl_session_cache    shared:SSL:1m;
        ssl_session_timeout  5m;
    
        ssl_ciphers  HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers  on;
    
        location / {  
            #add_header From /;
           proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
           proxy_set_header Host $http_host;
           proxy_set_header X-Forwarded-Proto https;
           proxy_redirect off;
           proxy_connect_timeout      240;
           proxy_send_timeout         240;
           proxy_read_timeout         240;
	 #  proxy_pass *********;  
	#		proxy_set_header		Host	$http_host;
	#		proxy_set_header		X-Real-IP	   $remote_addr;
	#		proxy_set_header		X-Forwarded-For $proxy_add_x_forwarded_for;
	#		proxy_set_header   Cookie $http_cookie; 
	#		client_max_body_size	1000m; 
        } 
      access_log  logs/apkaccess.log;
    }

tomcat端没有做配置，导致的结果是jsp页面中的请求路径成了：

http://****:6443/**** 无法请求到服务器。

在tomcat的<Host>标签中加入

<Valve className="org.apache.catalina.valves.RemoteIpValve"  
                  remoteIpHeader="x-forwarded-for"  
                  remoteIpProxiesHeader="x-forwarded-by"  
                  protocolHeader="x-forwarded-proto"  
                  httpsServerPort="6443"
            />

再次分别用http和https请求，协议和端口号可以对应。