Nginx+tomcat 配置https訪問

nginx設置443端口和tomcat經過http訪問

直接上配置文件

upstream    serve1{
        server  10.1.1.1:8080;
    }
 upstream    serve2{
        server  10.1.1.2:8080;
    }
 server {
        listen       80;
        server_name  www.xxx.com;
        return	  301 https://$server_name$request_uri;

    }#訪問www.xxx.com時會強制跳轉到https進行訪問

server {
        listen       443 ssl;
        server_name  www.xxx.com; #ip或者域名

	ssl		     on;
        ssl_certificate      /home/cert-out/outserver.crt;
        ssl_certificate_key  /home/cert-out/outserver_no_password.key;#有密碼時重啓nginx會要求輸入密碼

        #location / {
            #proxy_pass         http://serve1;
            #proxy_set_header   Host             $host;
            #proxy_set_header   X-Real-IP        $remote_addr;
            #proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;
	#}
	
	location /serve1 {
            proxy_pass http://serve1;
            proxy_redirect off;
            proxy_set_header Host $host;
            proxy_set_header  X-Real-IP  $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            client_max_body_size 50m;
            client_body_buffer_size 256k;
            proxy_connect_timeout 30;
            proxy_send_timeout 30;
            proxy_read_timeout 60;
            proxy_buffer_size 16k;
            proxy_buffers 4 32k;
            proxy_busy_buffers_size 64k;
            proxy_temp_file_write_size 64k;
        }
        location /serve2 {
            proxy_pass http://serve2;
            proxy_redirect off;
            proxy_set_header Host $host;
            proxy_set_header  X-Real-IP  $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            client_max_body_size 50m;
            client_body_buffer_size 256k;
            proxy_connect_timeout 30;
            proxy_send_timeout 30;
            proxy_read_timeout 60;
            proxy_buffer_size 16k;
            proxy_buffers 4 32k;
            proxy_busy_buffers_size 64k;
            proxy_temp_file_write_size 64k;
        }
	location /serve1/websocket {#websocket配置  前臺須要用wss訪問
        proxy_pass http://serve1/serve1/websocket;

        proxy_redirect    off;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
		proxy_read_timeout 3600;
		
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
   	 }

    }

tomcat配置：

<!--server.xml-->
<Connector port="8080" protocol="HTTP/1.1"
              maxThreads="1000"
              minProcessors="100"
              maxProcessors="1000"
              minSpareThreads="100"
              maxSpareThreads="1000"
              enableLookups="false"
              URIEncoding="utf-8"
              acceptCount="1000"
              connectionTimeout="20000"
              disableUploadTimeout="ture"
                redirectPort="443" <!--這裏的443也是同樣的指定要訪問https時 443對應nginx的443，若是沒有nginx 則配置tomcat本身的https端口 默認是8443吧 記得2邊得對應上-->
               proxyPort="443" /><!--不要加proxyPort="443" 有時訪問80端口時會強制跳轉到443端口 不知道爲何
更新 查了proxyPort的做用 只會在有代理的狀況下產生做用，通俗的講就是proxyPort影響request.getServerPort()的值 也就是會影響重定向的絕對URL 也就是說配置了nginx tomcat重定向的端口會使用proxyPort設置的端口，我以前的狀況是有301 因此訪問80時重定向到了443端口。 注意有301和302的狀況就行
-->
<!--Host標籤里加-->
<Valve className="org.apache.catalina.valves.RemoteIpValve"
				remoteIpHeader="x-forwarded-for"
				remoteIpProxiesHeader="x-forwarded-by"
				protocolHeader="x-forwarded-proto"/>

若是在tomcat中須要使用302跳轉 可在配置

 <Valve className="org.apache.catalina.valves.RemoteIpValve"
                                remoteIpHeader="x-forwarded-for"
remoteIpProxiesHeader="x-forwarded-by"
                                protocolHeader="x-forwarded-proto"/>

springboot也是配置這幾項。

而後再nginx中配置

proxy_set_header Host $host;
            proxy_set_header  X-Real-IP  $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header   X-Forwarded-Proto $scheme;

便可。當時在訪問項目根路徑時仍是有問題。tomcat不啓動https 或者nginx 80端口沒處理仍是會跳轉http

ok這樣就實現了https nginx+tomcat訪問