通過配置實現Nginx轉發Tomcat。
下面是詳細的配置(Nginx 端口 80/443,Tomcat 的端口 8080)
- 配置 http 重定向到 https:
server {
listen 80;
server_name localhost;
rewrite ^(.*)$ https://$host$1 permanent;
}- 配置ssl證書及https轉發:
server{
listen 443;
server_name localhost;
ssl on;
ssl_certificate server.pem;
ssl_certificate_key server.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
#啟用TLS1.1、TLS1.2要求OpenSSL1.0.1及以上版本,若您的OpenSSL版本低於要求,請用 ssl_protocols TLSv1;
ssl_ciphers HIGH:!RC4:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!EXP:+MEDIUM;
ssl_prefer_server_ciphers on;
location/{
root html;
index index.html index.htm;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://localhost:8080;
}
}其中最為關鍵的就是 ssl_certificate 和 ssl_certificate_key 還有proxy轉發的配置。
Tomcat修改server.xml文件增加對https的支持:
<Valve className="org.apache.catalina.valves.RemoteIpValve" remoteIpHeader="X-Forwarded-For" protocolHeader="X-Forwarded-Proto" protocolHeaderHttpsValue="https" httpsServerPort="443"/>