转发http请求到https

1、Nginx配置https

示例：

#配置

upstream front {

server xx.xx.xx.xx:9001;

server xx.xx.xx.xx:8077 backup;

}

server {

listen 80;

server_name www.mzjrj.com;

rewrite ^ https://$server_name$request_uri? permanent;

}

server {

listen 443 ssl;

server_name www.mzjrj.com;

ssl_certificate /etc/ssl/star.mzjrj.com.crt;

ssl_certificate_key /etc/ssl/star.mzjrj.com.key;

ssl_session_timeout 5m;

ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

ssl_ciphers HIGH:!aNULL:!MD5;

ssl_prefer_server_ciphers on;

location / {

proxy_pass http://front;

}



}



#配置

upstream bm {

#主服务器IP地址

server xx.xx.xx.xx:9002;

#备机服务器IP地址

server xx.xx.xx.xx.:8080 backup;

}

server {

listen 80;

#访问域名

server_name bm.mzjrj.com;

rewrite ^ https://$server_name$request_uri? permanent;

}

server {

listen 443 ssl;

server_name bm.mzjrj.com;

# 申请的https证书

ssl_certificate /etc/ssl/star.mzjrj.com.crt;

# 应用程序私钥

ssl_certificate_key /etc/ssl/star.mzjrj.com.key;

ssl_session_timeout 5m;

#下边3行固定写法

ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

ssl_ciphers HIGH:!aNULL:!MD5;

ssl_prefer_server_ciphers on;



location / {

proxy_pass http://bm;

}

}

2、Tomcat配置https

配置完成之后, http https都可以访问web站点中的资源，如果想屏蔽掉http请求, 即是所有的请求都转发到https，则需要做以下几点：

• 把端口都改成443 (https协议的默认端口, 跟http一样, 用https访问的时候如果端口是443 则可以省略端口)

参数说明：

keystoreFile：在第一步创建的key存放位置

keystorePass：创建证书时的密码

• web.xml 需要配置一下

  

          

            SSL  

            /*  

          

          

            SSL required  

              

              

              

            CONFIDENTIAL