[root@ceshi conf]# cat /application/nginx/conf/vhost/tomcat_jjn.conf
server {
listen 80;
server_name yan.jjn.com;
rewrite ^(.*) https://$server_name$1 permanent;
}
server {
listen 443;
server_name localhost;
ssl on;
root html;
index index.html index.htm;
ssl_certificate cert/*.pem;
ssl_certificate_key cert/*.key;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
location / {
root html;
index index.html index.htm;
}
location ~ .*$ {
proxy_redirect off;
proxy_set_header Host $http_$host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Scheme $scheme;
proxy_set_header X-SSL-Protocol $ssl_protocol;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-HTTPS-Protocol $ssl_protocol;
#对应tomcat的server.xml的设置
proxy_set_header X-FORWARDED-PROTO $scheme;
expires -1;
proxy_pass http://127.0.0.1:8891;
}
access_log /application/nginx/logs/jjn.log main;
}
[root@ceshi conf]# vim /application/tomcat/conf/server.xml
注意:需要修改这里,非常重要
<Valve className="org.apache.catalina.valves.RemoteIpValve"
remoteIpHeader="X-Forwarded-For"
protocolHeader="X-Forwarded-Proto"
remoteIpProxiesHeader="x-forwarded-by" />
