The HTTPS access configuration is as follows:
1. Configuration in nginx
# Redirect all plain-HTTP requests to HTTPS
server {
    listen 80;
    server_name localhost;
    return 301 https://$host$request_uri;
}

# TLS is terminated here; the backend is reached over plain HTTP
server {
    listen 443 ssl;
    server_name localhost;
    ssl_certificate java.cc_bundle.crt;
    ssl_certificate_key java.cc.key;
    ssl_session_timeout 5m;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
    ssl_prefer_server_ciphers on;

    # CORS: the wildcard lets any origin read responses; list specific
    # origins instead if the API is not meant to be public
    add_header Access-Control-Allow-Origin *;
    add_header Access-Control-Allow-Methods 'GET, POST, OPTIONS';
    add_header Access-Control-Allow-Headers 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization';

    # Answer CORS preflight requests without contacting the backend
    if ($request_method = 'OPTIONS') {
        return 204;
    }

    ssi on;
    ssi_silent_errors on;

    location / {
        proxy_redirect off;
        proxy_set_header Host $host:$server_port;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # Tells Tomcat which scheme the client actually used (https here)
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_connect_timeout 5;
        proxy_send_timeout 30;
        proxy_read_timeout 10;
        proxy_pass http://xxx/cc/;
        proxy_cookie_path /cc/ /;
        rewrite /cc/(.*)$ /$1 last;
    }
}

2. Configuration in Tomcat's Host element
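nginx and Tomcat communicate directly over HTTP, so when Tomcat reads the scheme with request.getScheme() it gets http.
Most applications, when obtaining the client IP, already include logic that prefers the X-Real-IP request header, but for the scheme they generally still use request.getScheme().
Add the following line to the Host element in Tomcat's conf/server.xml: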
<Valve className="org.apache.catalina.valves.RemoteIpValve" protocolHeader="X-Forwarded-Proto"/>
Then restart Tomcat; it can now obtain the real scheme from the request header.
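
Why the valve changes what request.getScheme() returns, and when it declines to: the sketch below is an added example (not code from the original post or from Tomcat) that models the valve's decision in simplified Python. The default-pattern regex, the sample addresses and the function name apply_valve are assumptions made for illustration.

```python
import re

# Simplified form of the valve's default internalProxies pattern (private,
# loopback and link-local IPv4 only); an assumption for this sketch.
DEFAULT_INTERNAL = re.compile(
    r"10\.\d{1,3}\.\d{1,3}\.\d{1,3}|192\.168\.\d{1,3}\.\d{1,3}|"
    r"169\.254\.\d{1,3}\.\d{1,3}|127\.\d{1,3}\.\d{1,3}\.\d{1,3}|"
    r"172\.(1[6-9]|2\d|3[01])\.\d{1,3}\.\d{1,3}"
)

def apply_valve(peer_addr, headers, internal=DEFAULT_INTERNAL,
                protocol_header="X-Forwarded-Proto"):
    """Return (scheme, secure, remote_addr) as the application would see them."""
    # The nginx -> Tomcat hop is plain HTTP, so these are the raw values.
    scheme, secure, remote = "http", False, peer_addr
    if not internal.fullmatch(peer_addr):
        # Peer is not a trusted proxy: forwarded headers are ignored.
        return scheme, secure, remote
    # Walk X-Forwarded-For right to left; the first address that is not
    # an internal proxy is taken as the client.
    hops = [h.strip() for h in headers.get("X-Forwarded-For", "").split(",")
            if h.strip()]
    for hop in reversed(hops):
        if not internal.fullmatch(hop):
            remote = hop
            break
    proto = headers.get(protocol_header)
    if proto is not None:
        secure = proto.lower() == "https"
        scheme = "https" if secure else "http"
    return scheme, secure, remote

# Constructed sample requests (client addresses from documentation ranges).
VIA_NGINX = ("127.0.0.1", {"X-Forwarded-For": "203.0.113.7",
                           "X-Forwarded-Proto": "https"})
DIRECT_PEER = ("198.51.100.9", {"X-Forwarded-Proto": "https"})
LAN_HOST = ("10.0.0.50", {"X-Forwarded-For": "203.0.113.7",
                          "X-Forwarded-Proto": "https"})
ONLY_NGINX = re.compile(r"127\.0\.0\.1")  # tightened pattern: nginx host only

if __name__ == "__main__":
    for name, req in (("via nginx", VIA_NGINX), ("direct peer", DIRECT_PEER),
                      ("LAN host", LAN_HOST)):
        print(name, apply_valve(*req), apply_valve(*req, internal=ONLY_NGINX))
```

The tightened case corresponds to setting the valve's internalProxies attribute to a pattern that matches only the nginx host, so other machines on the private network cannot assert https or a client address to Tomcat.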