
javaweb项目基于nginx把http升级至https

程序员文章站 2022-05-01 09:38:29
...

需先申请 HTTPS 证书,然后按以下步骤操作;此方案并不适合所有项目。

在tomcat中的server.xml配置以下配置
javaweb项目基于nginx把http升级至https

<!-- RemoteIpValve replaces the request's remote address and scheme with the values carried in the
     X-Forwarded-For and X-Forwarded-Proto headers that the reverse proxy sets.
     NOTE(review): no internalProxies attribute is set here, so the valve's default trusted-proxy
     pattern applies. Confirm that it matches only your own proxy (nginx on 127.0.0.1 in this setup)
     and that clients cannot reach Tomcat's 8080 connector directly, for example by binding the
     connector to the loopback address. Otherwise forwarded headers could be supplied by a client. -->
<Valve className="org.apache.catalina.valves.RemoteIpValve"  remoteIpHeader="X-Forwarded-For" 
 protocolHeader="X-Forwarded-Proto" protocolHeaderHttpsValue="https"/>

在nginx.conf中增加端口443配置

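	# HTTPS virtual host: terminates TLS here and forwards plain HTTP to Tomcat on the loopback interface.
	server {
		# "listen ... ssl" replaces the deprecated "ssl on;" directive.
		listen 443 ssl;
		server_name 域名; # placeholder: your host name without the scheme prefix, e.g. www.baidu.com
		#root html;
		index index.html index.htm;
		# Certificate and key are placed in a "cert" directory created under nginx's conf directory.
		ssl_certificate   cert/20200807.pem;
		# Keep the private key readable only by the account that starts nginx.
		ssl_certificate_key  cert/20200807.key;
		ssl_session_timeout 5m;
		# NOTE(review): this list is broad. The AES and HIGH entries also admit CBC-mode suites and
		# suites without forward secrecy; consider narrowing it to ECDHE suites with AEAD ciphers.
		ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
		# TLS 1.0 and 1.1 are deprecated (RFC 8996) and are not offered.
		# TLSv1.3 needs nginx 1.13.0+ built against OpenSSL 1.1.1+; remove it on older builds.
		ssl_protocols TLSv1.2 TLSv1.3;
		ssl_prefer_server_ciphers on;

		# Rewrite http:// Location headers coming back from Tomcat to the scheme the client used.
		proxy_redirect http:// $scheme://;
		port_in_redirect on;

		location / {
			# CORS: send Access-Control-Allow-Origin exactly once; browsers reject a response
			# that carries the header more than once.
			add_header  Access-Control-Allow-Origin *;
			# Browsers refuse "Access-Control-Allow-Credentials: true" together with a wildcard
			# origin, so it is left disabled. If credentialed cross-origin calls are required,
			# replace * with one explicit, allow-listed origin instead of echoing the request's
			# Origin header.
			#add_header  Access-Control-Allow-Credentials true ;
			add_header  Access-Control-Allow-Headers x-requested-with,content-type;
			# Optional, once every host name is confirmed to work over HTTPS. It has to sit in this
			# location: add_header directives here replace any declared at server level.
			#add_header Strict-Transport-Security "max-age=31536000" always;
			proxy_pass   http://127.0.0.1:8080/;

			proxy_set_header        Host $host:$server_port;
			# Read by Tomcat's RemoteIpValve (protocolHeader="X-Forwarded-Proto") to learn that the client used https.
			proxy_set_header X-Forwarded-Proto  $scheme;
			# Client address as seen by nginx.
			proxy_set_header        X-Real-IP $remote_addr;
			# Appends $remote_addr to any X-Forwarded-For value the client supplied, so every entry
			# left of the last one is unverified. If nginx is the outermost proxy,
			# "proxy_set_header X-Forwarded-For $remote_addr;" overwrites the client value instead.
			proxy_set_header       X-Forwarded-For   $proxy_add_x_forwarded_for;
			# Intended to make getScheme, isSecure and sendRedirect report https.
			proxy_set_header X-Forwarded-Scheme  $scheme;
			client_max_body_size    10m;
			client_body_buffer_size 128k;
			#proxy_connect_timeout   90;
			proxy_send_timeout      90;
			#proxy_read_timeout      90;
			proxy_buffer_size       4k;
			proxy_buffers           4 32k;
			proxy_busy_buffers_size 64k;
			proxy_temp_file_write_size 64k;
		}
		access_log logs/js.com.log;
	}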
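# Plain-HTTP virtual host: its only job is to send every request to the HTTPS site.
# It never proxies, so it needs no proxy_* directives.
server {
	listen      80;
	server_name  域名不带请求头; # placeholder: your host name without the scheme prefix, e.g. www.baidu.com
	location / {
		# CORS header sent on the redirect response.
		add_header Access-Control-Allow-Origin *;
		client_max_body_size    10m;
		# Permanent (301) redirect of every request to https, keeping path and query string.
		# $server_name is used instead of $host so the redirect target comes from this
		# configuration and not from the request's Host header. If several names are listed in
		# server_name, $server_name is the first of them.
		return 301 https://$server_name$request_uri;
	}
	access_log logs/js.com.log;
}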