nginx使用Tomcat 7管理SSL

Nginx管理SSL的server.xml中的正确配置是什么?我当前的配置导致“重定向循环”,除非我标记了tomcat标准连接“安全”,这不是我想要的.我的应用需要https的所有请求和重定向到https如果使用http.如果我设置secure =“true”,它不再重定向,而是“redirect loop”没有了.我究竟做错了什么?

我目前的tomcat server.xml:

 

Nginx conf:

  server {
        listen 80 default_server;
        server_name localhost,mydomain.com;

         location / {

        add_header 'Access-Control-Allow-Origin' '*';
         proxy_pass        http://localhost:8080/;
        proxy_redirect    off;
        proxy_set_header  Host               $host;
        proxy_set_header  X-Real-IP          $remote_addr;
        proxy_set_header  X-Forwarded-For    $proxy_add_x_forwarded_for;
        proxy_set_header  X-Forwarded-Proto  http;
        proxy_send_timeout 6000;
         }
        }
 server {
                 server_name localhost,mydomain.com;
                listen 443;

        ssl on;
        ssl_session_timeout 5m;
        ssl_protocols SSLv2 SSLv3 TLSv1;
        #make sure you already have this certificate pair!
        ssl_certificate /etc/Nginx/cert/server.crt;
        ssl_certificate_key /etc/Nginx/cert/server.key;
        ssl_session_cache shared:SSL:10m;
        error_page 497 https://$host:$server_port$request_uri;

        # Our endpoint for tomcat reverse-proxy,assuming your endpoint java-servlet knows
        # how to handle http://localhost/gadgets  requests
        location / {
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header Host $http_host;
            proxy_set_header X-Forwarded-Proto https;
            proxy_set_header X-Url-Scheme $scheme;
            proxy_redirect off;
            proxy_connect_timeout      240;
            proxy_send_timeout         240;
            proxy_read_timeout         240;
            # note,there is not SSL here! plain HTTP is used
           proxy_pass http://localhost:8080/;
        }

     }
最佳答案
所做的更改,使Tomcat / Spring将设置正确的安全cookie标志:

确保Tomcat在server.xml中运行SSL(443)重定向端口:

确保您的RemoteIpValve在您的主机中设置在server.xml中:

Nginx proxy -->
      

确保协议从Nginx.conf中的终止点转发:

# Tomcat we're forwarding to
upstream tomcat_server {
  server 127.0.0.1:9090 fail_timeout=0;
}

# Main server proxy
server {
  listen 443 ssl;
  server_name  sample.com;

  # HTTPS setup
  ssl on;
  ssl_session_timeout 10m;
  ssl_session_cache shared:SSL:10m;

  #ssl cyphers
  ... 
  #ssl certs
  ... 

  location / {

    # Forward SSL so that Tomcat knows what to do
    proxy_set_header X-Forwarded-Host $host;
    proxy_set_header X-Forwarded-Server $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_pass http://tomcat_server;
    proxy_set_header X-Forwarded-Proto https;

    proxy_redirect off;
    proxy_connect_timeout      240;
    proxy_send_timeout         240;
    proxy_read_timeout         240;

    # Show error pages from S3 when down
    proxy_next_upstream error timeout http_502 http_503 http_504;
    error_page   502 503 504   https://s3.amazonaws.com/sample.com/maint;
}

我的大部分代理/ SSL Nginx conf都包含在上面,以便完整.希望能帮助某人.

相关文章

一、Linux下Nginx的安装 1.去官网 http://nginx.org/download/下载对应的Nginx安装包,推荐使...
一、空格:默认匹配、普通匹配 location / { root /home; } 二、= :精确匹配(表示匹配到 /home/resou...
``` nginx -c 配置文件路径 ``` ``` /usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.con...
前言 nginx可所谓是如今最好用的软件级别的负载均衡了。通过nginx的高性能,并发能力强,占用内存下的特...
1.ngnix概念 Nginx是一款高性能的http 服务器/反向代理服务器及电子邮件(IMAP/POP3)代理服务器。由俄...
博客园从今天上午就开始报502错误 , 他的原因还不知道 , 暂时先说下我们遇到502的排查情况 最大的可能性...