2016年9月22日 | Leave a comment 问题: 解决: 第一种方式 nginx https +tomcat http ,问题在于这样在servlet / jsp / jsf 中检测到的链接还是http,http 重定向可能会重定向到 http server{ # not work tomcat port diffrent listen 80; # not work tomcat port diffrent listen [::]:80; listen 443; listen [::]:443; root /opt/tomcat8/webapps/ROOT; server_name aa.com; ssl on; ssl_certificate /etc/nginx/conf.d/aa.crt; ssl_certificate_key /etc/nginx/conf.d/aa.key; ssl_session_timeout 5m; #ssl_protocols TLSv1 TLSv1.1 TLSv1.2; #ssl_ciphers AESGCM:ALL:!DH:!EXPORT:!RC4:+HIGH:!MEDIUM:!LOW:!aNULL:!eNULL; #ssl_prefer_server_ciphers on; location /admin { proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_pass http://localhost:1080/admin; } } 1234567891011121314151617181920212223 server{ # not work tomcat port diffrent listen 80; # not work tomcat port diffrent listen [::]:80; listen 443; listen [::]:443; root /opt/tomcat8/webapps/ROOT; server_name aa.com; ssl on; ssl_certificate /etc/nginx/conf.d/aa.crt; ssl_certificate_key /etc/nginx/conf.d/aa.key; ssl_session_timeout 5m; #ssl_protocols TLSv1 TLSv1.1 TLSv1.2; #ssl_ciphers AESGCM:ALL:!DH:!EXPORT:!RC4:+HIGH:!MEDIUM:!LOW:!aNULL:!eNULL; #ssl_prefer_server_ciphers on; location /admin { proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_pass http://localhost:1080/admin; }} 第二种方式 nginx https + tomcat https ,请参考其他网站; 第三种方式 nginx https + tomcat http (第一种的改造,解决了jsp / servlet /jsf 检测出是https 还是 http ,也能正常跳转) 需要配置好tomcat https 然后nginx proxy_pass http://localhost:443/admin; 1 proxy_pass http://localhost:443/admin; tomcat 配置: <Connector port="1081" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="1443" proxyPort="443" scheme="https" secure="true" /> 123 <Connector port="1081" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="1443" proxyPort="443" scheme="https" secure="true" />