1,未配置前Nginx的配置
# "Before" configuration: HTTP-to-HTTPS redirect on port 80, TLS termination on 443,
# and a reverse proxy to the application server on localhost:8080.
server {
    listen 80;
    server_name www.***.cn;
    # Server-level return: every request on port 80 is answered with a 301 to the HTTPS URL,
    # so the location block below is never used.
    return 301 https://$server_name$request_uri;

    location / {
        # proxy_pass http://localhost:8080;
        # proxy_redirect off;
        # proxy_set_header Host $host;
        # proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # proxy_set_header X-Real-IP $remote_addr;
    }
    #
    #rewrite ^(.*) https://$server_name$1 permanent;
    #
}

server {
    listen 443 ssl;
    server_name www.***.cn;
    ssl_certificate /etc/nginx/cert/4369939_www.***.cn.pem;
    ssl_certificate_key /etc/nginx/cert/4369939_www.***.cn.key;
    ssl_session_timeout 5m;
    # NOTE(review): besides one explicit suite this list uses broad aliases (ECDHE, ECDH, AES, HIGH),
    # so the effective cipher set depends on the OpenSSL build; an explicit AEAD-only list is easier to audit.
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    # NOTE(review): TLSv1 and TLSv1.1 are deprecated (RFC 8996); the modified configuration
    # in this article enables only TLSv1.2 and TLSv1.3.
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;

    location / {
        # All forwarding headers are commented out here, so the upstream is not told the
        # original scheme, host or client address.
        # proxy_set_header X-Real-IP $remote_addr;
        # proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # Rewrites the path attribute of upstream Set-Cookie headers so that the
        # HttpOnly, Secure and SameSite=Lax attributes are appended to each cookie.
        proxy_cookie_path / "/; httponly; secure; SameSite=Lax";
        # proxy_set_header X-Forwarded-Proto https;
        # proxy_set_header Host $http_host;
        # proxy_set_header X-NginX-Proxy true;
        # TLS ends at Nginx; the hop to the application server is plain HTTP on the loopback interface.
        proxy_pass http://localhost:8080;
        # proxy_redirect on;
    }
}
2,修改后的配置,添加红色字体带下划线的配置后就解决NginxURL地址无效问题,但是浏览器控制台会出现
Mixed Content: The page at ‘https://XXX’ was loaded over HTTPS, but requested an insecure........报错,
在使用tomcat+nginx时,Nginx使用https,tomcat使用http。使用iframe之类框架,在重定向时会出现以上问题,导致页面加载不出来。这是因为Tomcat不能知道Nginx发来的是http还是https。
因此需要让tomcat知道nginx发来的是http还是https。默认情况下,nginx得到的https的访问会以http的方式发给负载的tomcat。
解决方法:
1.加入下面蓝色字体配置
2.在tomcat的server.xml Engine 模块下配置一个 Valve,最后重启tomcat和Nginx即可。
<!-- RemoteIpValve: for requests that arrive through a trusted proxy, Tomcat takes the client
     address from the header named in remoteIpHeader and treats the request as HTTPS when the
     header named in protocolHeader carries the value given in protocolHeaderHttpsValue.
     NOTE(review): internalProxies is not set here, so Tomcat's default list of trusted proxy
     addresses applies (loopback and private ranges per the Tomcat documentation; confirm for
     your version). Keep the 8080 connector reachable only from Nginx, so that clients cannot
     send X-Forwarded-For / X-Forwarded-Proto to Tomcat directly. -->
<Valve className="org.apache.catalina.valves.RemoteIpValve" remoteIpHeader="X-Forwarded-For" protocolHeader="X-Forwarded-Proto" protocolHeaderHttpsValue="https"/>
借鉴:https://blog.csdn.net/qq_27114677/article/details/77848078
# Modified configuration: same layout as before, with a stricter TLS setup and the
# forwarding headers enabled so the application server can see the original request details.
server {
    listen 80;
    server_name www.***.cn;
    # Server-level return: every request on port 80 is answered with a 301 to the HTTPS URL,
    # so the location block below is never used.
    return 301 https://$server_name$request_uri;

    location / {
        # proxy_pass http://localhost:8080;
        # proxy_redirect off;
        # proxy_set_header Host $host;
        # proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # proxy_set_header X-Real-IP $remote_addr;
    }
    #
    #rewrite ^(.*) https://$server_name$1 permanent;
    #
}

server {
    listen 443 ssl;
    server_name www.***.cn;
    ssl_certificate /etc/nginx/cert/4369939_www.***.cn.pem;
    ssl_certificate_key /etc/nginx/cert/4369939_www.***.cn.key;
    ssl_session_timeout 5m;
    # Only TLS 1.2 and 1.3 are enabled.
    ssl_protocols TLSv1.2 TLSv1.3;
    # Explicit list: every suite uses ECDHE or DHE key exchange with AES-GCM or CHACHA20-POLY1305.
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
    # With "off", the client's cipher preference order is used.
    ssl_prefer_server_ciphers off;
    # NOTE(review): as written, nginx reads "https://$server_name/login" as the regex and
    # "permanent" as the replacement string (no flag is given). Request URIs are matched without
    # scheme or host, so this rule is not expected to match anything. Confirm the intent
    # (e.g. whether a redirect to /login was meant) and rewrite it with a URI pattern.
    rewrite https://$server_name/login permanent;

    location / {
        # Pass the connecting client's address to the upstream.
        proxy_set_header X-Real-IP $remote_addr;
        # Appends the connecting address to any X-Forwarded-For value the client sent. The
        # upstream should trust this header only on requests that come from this proxy.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # Rewrites the path attribute of upstream Set-Cookie headers so that the
        # HttpOnly, Secure and SameSite=Lax attributes are appended to each cookie.
        # NOTE(review): nginx 1.19.3+ provides proxy_cookie_flags for this purpose.
        proxy_cookie_path / "/; httponly; secure; SameSite=Lax";
        # Tells the upstream the original request was HTTPS. The value is hard-coded, which is
        # accurate here because this server block listens only on 443 with ssl.
        proxy_set_header X-Forwarded-Proto https;
        # Sends the host name with the listening port appended.
        # NOTE(review): the variable is conventionally spelled $host; verify that $Host resolves as intended.
        proxy_set_header Host $Host:$server_port;
        # proxy_set_header X-NginX-Proxy true;
        # TLS ends at Nginx; the hop to the application server is plain HTTP on the loopback interface.
        # Port 8080 should accept connections only from this proxy, since the upstream will act
        # on the forwarded headers set above.
        proxy_pass http://localhost:8080;
        # proxy_redirect on;
    }
}