NGINX 转发https到tomcat

微信小程序项目,架构上使用 Nginx + Tomcat 集群:由 Nginx 配置 SSL 证书并终结 TLS,Tomcat 本身不配置 SSL,对外统一使用 https 协议。

1、配置NGINX

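# Plain-HTTP listener: its only job is to send every request to the HTTPS site.
server {
    listen 80;
    server_name abc.com;

    # No Strict-Transport-Security header here: browsers ignore HSTS that
    # arrives over plain HTTP (RFC 6797), so it has no effect on port 80.
    # Send it from the HTTPS (443) server instead, e.g.
    #   add_header Strict-Transport-Security "max-age=15768000" always;

    # Permanent redirect to the HTTPS site. $server_name is the configured
    # name, not the client-supplied Host header, so the redirect target
    # cannot be influenced by the request.
    return 301 https://$server_name$request_uri;
}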

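# HTTPS listener on 443: TLS terminates here and requests are proxied to
# Tomcat over plain HTTP on the loopback interface.
server {
    # "ssl on;" is deprecated and rejected by current nginx releases;
    # TLS is enabled with the "ssl" parameter of listen instead.
    listen 443 ssl;
    server_name abc.com;

    ssl_certificate     cert/1735216.pem;
    # Private key: restrict file permissions so only the nginx service can read it.
    ssl_certificate_key cert/1735216.key;
    ssl_session_timeout 5m;

    # TLS 1.0 and 1.1 are deprecated (RFC 8996) and are no longer offered.
    # TLSv1.3 needs nginx >= 1.13.0 built against OpenSSL >= 1.1.1;
    # remove it from the list on older builds.
    ssl_protocols TLSv1.2 TLSv1.3;
    # TLS 1.2 suites limited to forward-secret AEAD ciphers. The original
    # ECDHE:ECDH:AES:HIGH aliases also admitted CBC-mode and static-RSA suites.
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
    ssl_prefer_server_ciphers on;

    # HSTS is only honoured when received over HTTPS, so it is sent here.
    # "always" attaches it to error responses as well.
    add_header Strict-Transport-Security "max-age=15768000" always;

    location / {
        # Backend hop is unencrypted; acceptable only because it stays on loopback.
        # Tomcat should accept connections on 8080 only from this proxy
        # (e.g. bind the connector to 127.0.0.1); otherwise clients can reach
        # it directly and supply the X-Forwarded-* headers themselves.
        proxy_pass http://127.0.0.1:8080;
        # Rewrite absolute http:// Location headers from Tomcat to https://
        # and drop any explicit port (such as :8080) from them.
        proxy_redirect ~^http://([^:]+)(:\d+)?(.*)$  https://$1$3;
        proxy_http_version 1.1;
        # NOTE(review): Connection is fixed to keep-alive, so forwarding Upgrade
        # alone will not complete a WebSocket handshake; that requires
        # Connection "upgrade" when $http_upgrade is set - confirm whether
        # WebSocket support is intended.
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection keep-alive;
        proxy_cache_bypass $http_upgrade;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        # $proxy_add_x_forwarded_for appends $remote_addr to whatever
        # X-Forwarded-For the client sent, so earlier entries are
        # client-controlled; the backend must trust only the entry added
        # by this proxy.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # Tells Tomcat the original request was https so it builds https URLs.
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    # Serve a static page for backend failures instead of the default error body.
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root html;
    }
}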

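2、在 Tomcat 的 server.xml 中,于 Engine 节点下配置一个 Valve,使 Tomcat 根据 Nginx 传来的 X-Forwarded-For、X-Forwarded-Proto 请求头识别真实客户端 IP 和 https 协议。(原文此处的 XML 片段已丢失;这类配置通常使用 org.apache.catalina.valves.RemoteIpValve,并设置 remoteIpHeader、protocolHeader 等属性,同时应保证 Tomcat 只信任来自 Nginx 的这些请求头。)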

  

 
