Nginx配置Https访问,反向代理tomcat,发现两个问题:
(1)redirect之后的schema全变成了http。
(2)request.getSchema()全部返回http。
对于(1)解决办法:参考:http://blog.csdn.net/mr_smile2014/article/details/51701878
server {
listen 80 default_server;
location / {
proxy_pass http://127.0.0.1:8080;
proxy_redirect http:// $scheme://;
}
}
对于(2)的解决办法:参考:http://feitianbenyue.iteye.com/blog/2056357
nginx上配置:
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
tomcat上配置:
<Engine >
<Valve className="org.apache.catalina.valves.RemoteIpValve"
remoteIpHeader="X-Forwarded-For"
protocolHeader="X-Forwarded-Proto"
protocolHeaderHttpsValue="https"/>
</Engine >
重启,over!
关于 RemoteIpValve,有兴趣的同学可以阅读下 :http://tomcat.apache.org/tomcat-6.0-doc/api/org/apache/catalina/valves/RemoteIpValve.html
Tomcat port of mod_remoteip, this valve replaces the apparent client remote IP address and hostname for the request with the IP address list presented by a proxy or a load balancer via a request headers (e.g. "X-Forwarded-For").
Another feature of this valve is to replace the apparent scheme (http/https) and server port with the scheme presented by a proxy or a load balancer via a request header (e.g. "X-Forwarded-Proto").