(Tested and working) Proxying HTTPS through nginx to Tomcat over HTTP: fixing the wrong scheme and port that Tomcat sees

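Contents

  • I. Scenario
  • II. Configuration option one (tested and working):
    • 1. nginx configuration
    • 2. Tomcat configuration
      • Configuring the listening port
      • Configuring the Engine
  • III. Configuration option two:
    • 1. nginx configuration
    • 2. Tomcat configuration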

I. Scenario

Nginx listens for HTTPS on port 8443.
Tomcat listens for HTTP on port 888.

II. Configuration option one (tested and working):

1. nginx configuration

server {
    listen       8443 ssl;
    server_name  www.test.com;
    # nginx certificate
    ssl_certificate      ssl/www.test.com.pem;
    ssl_certificate_key  ssl/www.test.com.key;

    ssl_session_cache    shared:SSL:1m;
    ssl_session_timeout  5m;
    ssl_ciphers  HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers  on;
    # Static resources
    location /pm/v4/ {
        alias   "E:/01web/apache-tomcat-pm/webapps/pm/v4/";
    }
    location /pm/jslib/ {
        alias   "E:/01web/apache-tomcat-pm/webapps/pm/jslib/";
    }
    location /pm/css/ {
        alias   "E:/01web/apache-tomcat-pm/webapps/pm/css/";
    }
    location /pm/images/ {
        alias   "E:/01web/apache-tomcat-pm/webapps/pm/images/";
    }
    location /pm/temp/ {
        alias   "E:/01web/apache-tomcat-pm/webapps/pm/temp/";
    }
    location /pm/main4.0/ {
        alias   "E:/01web/apache-tomcat-pm/webapps/pm/main4.0/";
    }
    location /pmproduct/main1.0/ {
        alias   "E:/tomcatBak1/apache-tomcat-standard/webapps/pmproduct/main1.0/";
    }

    location /pm {
        add_header Cache-Control 'no-store';
        client_max_body_size 300m;
        proxy_http_version 1.1;
        # A non-default port requires appending $server_port
        proxy_set_header Host $host:$server_port;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-Host $http_host;
        # This one is essential
        proxy_set_header X-Forwarded-Port $server_port;
        proxy_redirect off;
        proxy_connect_timeout      1;
        proxy_send_timeout         240;
        proxy_read_timeout         240;
        proxy_pass http://127.0.0.1:888/pm;
    }
}

Note the key settings:
proxy_set_header X-Forwarded-Host $http_host;
proxy_set_header X-Forwarded-Port $server_port;

Reference: https://www.freesion.com/article/8790212644/

2. Tomcat configuration

Configuring the listening port

<Connector port="888" protocol="HTTP/1.1"
           connectionTimeout="200000"
           maxThreads="500"
           redirectPort="8443" proxyPort="8443" scheme="https"
           URIEncoding="UTF-8"
           compression="on"
           compressionMinSize="1024"
           compressableMimeType="text/html,text/xml,text/plain,text/javascript,text/csv,application/javascript,application/json,application/xml" />

The key attributes:
redirectPort="8443" proxyPort="8443" scheme="https"

Configuring the Engine

Add the following configuration inside the Engine element:

<Valve className="org.apache.catalina.valves.RemoteIpValve"
       remoteIpHeader="x-forwarded-for"
       proxiesHeader="x-forwarded-by"
       protocolHeader="x-forwarded-proto"
       protocolHeaderHttpsValue="https"
       httpsServerPort="8443"/>

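The protocolHeaderHttpsValue="https" and httpsServerPort="8443" settings above are essential. If only the https value is configured, then when the application issues a redirect for a request that came in through Nginx, the redirect goes to port 443, whereas Nginx is actually listening on 8443, so the client ends up on 443. That is why httpsServerPort matters: it states that the proxy's port is 8443. Taken together, the two settings mean that when an HTTP request arrives, redirects go to that port rather than 443, and when the proxy is serving HTTPS, redirects use https.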

III. Configuration option two:

1. nginx configuration

server {
    # "ssl on;" was removed in nginx 1.25.1; enable TLS on the listen directive
    listen 8443 ssl;
    server_name test;
    ssl_certificate   /usr/local/cert/test.pem;
    ssl_certificate_key  /usr/local/cert/test.key;
    ssl_session_timeout 30m;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    # TLS 1.0 and 1.1 are deprecated (RFC 8996)
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;

    location / {
        proxy_pass http://127.0.0.1:888;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # The valve's protocolHeader="x-forwarded-proto" reads this header
        proxy_set_header X-Forwarded-Proto $scheme;
        # A non-default port requires appending $server_port
        proxy_set_header Host $host:$server_port;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-Host $http_host;
        # This one is essential
        proxy_set_header X-Forwarded-Port $server_port;
        proxy_redirect off;
    }
}

2. Tomcat configuration

Add the following valve configuration inside the Engine element:

<Valve className="org.apache.catalina.valves.RemoteIpValve"
    portHeader="x-forwarded-port"
    protocolHeader="x-forwarded-proto"
    proxiesHeader="x-forwarded-by"
    remoteIpHeader="x-forwarded-for"/>
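
How the Connector attributes, httpsServerPort and portHeader from both options combine, as an added example that is not part of the original post and is not Tomcat's own code: a simplified Python model of the scheme and port the application ends up seeing. The effective_origin function, the TRUSTED_PROXIES set (standing in for the valve's trusted-proxy check) and all sample headers are assumptions constructed for illustration.

```python
# Simplified model (assumption, not Tomcat source code) of how the Connector and
# RemoteIpValve attributes from this page decide the scheme and port an
# application sees, and therefore the redirects it builds.
TRUSTED_PROXIES = {"127.0.0.1"}  # stand-in for the valve's internal-proxy check


def _header(headers, name):
    """Case-insensitive lookup; returns None when the attribute is not set."""
    if not name:
        return None
    return {k.lower(): v for k, v in headers.items()}.get(name.lower())


def effective_origin(connector, valve, headers, peer_ip, host_port):
    """Return the (scheme, port) pair the application would observe."""
    # Connector: scheme attribute; proxyPort beats the port from the Host header.
    scheme = connector.get("scheme", "http")
    port = connector.get("proxyPort") or host_port
    # Valve: forwarded headers count only when the peer is a trusted proxy.
    if valve is None or peer_ip not in TRUSTED_PROXIES:
        return scheme, port
    proto = _header(headers, valve.get("protocolHeader"))
    if proto is None:
        return scheme, port  # header absent: connector values are kept
    https_value = valve.get("protocolHeaderHttpsValue", "https")
    if proto.strip().lower() == https_value.lower():
        scheme, port = "https", valve.get("httpsServerPort", 443)
    else:
        scheme, port = "http", valve.get("httpServerPort", 80)
    # portHeader, when set and numeric, replaces the fixed default port.
    forwarded_port = _header(headers, valve.get("portHeader"))
    if forwarded_port and forwarded_port.strip().isdigit():
        port = int(forwarded_port)
    return scheme, port


# Constructed inputs: headers as nginx on 8443 would forward them to Tomcat.
WITH_PROTO = {"X-Forwarded-Proto": "https", "X-Forwarded-Port": "8443"}
WITHOUT_PROTO = {"X-Forwarded-Port": "8443"}
CONNECTOR_1 = {"scheme": "https", "proxyPort": 8443}
VALVE_1 = {"protocolHeader": "x-forwarded-proto", "httpsServerPort": 8443}
VALVE_1_NO_PORT = {"protocolHeader": "x-forwarded-proto"}
VALVE_2 = {"protocolHeader": "x-forwarded-proto", "portHeader": "x-forwarded-port"}

if __name__ == "__main__":
    cases = [("valve without httpsServerPort", {}, VALVE_1_NO_PORT, WITH_PROTO),
             ("option one", CONNECTOR_1, VALVE_1, WITHOUT_PROTO),
             ("option two", {}, VALVE_2, WITH_PROTO),
             ("option two, no X-Forwarded-Proto", {}, VALVE_2, WITHOUT_PROTO)]
    for label, conn, valve, hdrs in cases:
        print(label, effective_origin(conn, valve, hdrs, "127.0.0.1", 8443))
```

The last case shows that option two's valve only rewrites the scheme when the proxy actually sends X-Forwarded-Proto; without it the application still sees http.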
