Tomcat + Nginx: Enabling HTTPS

Deploy a Java web application on Tomcat, put Nginx in front of it as a reverse proxy, and configure HTTPS on Nginx.

1. The nginx conf is as follows:

upstream oms {
    server localhost:8080;  # address of the application on Tomcat
}
# Redirect HTTP to HTTPS
server {
    listen 80;
    server_name oms.fngz9nd.com;  # domain to be accessed
    location / {
        rewrite ^(.*)$ https://$host$1 last;
    }
}
# HTTPS configuration
server {
    listen      443 ssl;
    server_name  www.xxxxx.com;  # domain to be accessed
    ssl_certificate      /usr/local/nginx/conf/conf.d/nginxca/1898004_oms.fngz9nd.com.pem;  # CA certificate applied for through Alibaba Cloud
    ssl_certificate_key  /usr/local/nginx/conf/conf.d/nginxca/1898004_oms.fngz9nd.com.key;  # private key of that certificate
    ssl_session_timeout  5m;
    # TLSv1 and TLSv1.1 are deprecated (RFC 8996); add TLSv1.3 if your nginx/OpenSSL build supports it
    ssl_protocols  TLSv1.2;
    ssl_ciphers  HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers   on;
    # 497 = plain HTTP request sent to the HTTPS port; $request_uri keeps the "?" before the query string
    error_page 497  https://$host$request_uri;

    location / {
        proxy_pass  http://oms;  # name of the upstream block above
        proxy_set_header Host      $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_redirect http:// $scheme://;  # rewrite http:// redirects from Tomcat to https://
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto  $scheme;
        client_max_body_size 100m;
        root html;
        index index.jsp index.html;
    }
}

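Note: enabling HTTPS requires an nginx build with SSL support.

If the SSL module is not enabled, see https://www.cnblogs.com/piscesLoveCc/p/6120875.html

2. Tomcat's server.xml

Add proxyPort="443" to the existing Connector configuration: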
<Connector port="8080" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="8443" proxyPort="443" URIEncoding="UTF-8" />
Add a Valve under the Host element:
<Valve className="org.apache.catalina.valves.RemoteIpValve"  
               remoteIpHeader="X-Forwarded-For"  
               protocolHeader="X-Forwarded-Proto"  
               protocolHeaderHttpsValue="https"/>

After making these changes, restart Tomcat and Nginx.
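
How the headers set by nginx above end up as the client address and scheme the application sees, as an added example (a simplified Python model written for this page, not Tomcat's code and not from the original post). The names resolve, is_internal and INTERNAL_PROXIES are hypothetical, the trusted ranges approximate the valve's default internalProxies, and the sample addresses are constructed.

```python
import ipaddress

# Assumption: approximates the valve's default internalProxies (loopback,
# link-local and RFC 1918 ranges) with networks instead of Tomcat's regex.
INTERNAL_PROXIES = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "127.0.0.0/8", "::1/128")]


def is_internal(addr):
    """True if addr parses as an IP inside one of the trusted proxy ranges."""
    try:
        ip = ipaddress.ip_address(addr.strip())
    except ValueError:
        return False  # junk in the header is never treated as a proxy
    return any(ip in net for net in INTERNAL_PROXIES)


def resolve(peer_addr, headers):
    """Return (client_ip, scheme, secure) as the application would see them.

    peer_addr is the TCP peer of the Tomcat connector (plain HTTP on 8080);
    headers holds the X-Forwarded-* values that arrived with the request.
    """
    if not is_internal(peer_addr):
        # Request did not come through a trusted proxy: ignore both headers.
        return peer_addr, "http", False
    client_ip = peer_addr
    hops = [h.strip() for h in headers.get("X-Forwarded-For", "").split(",") if h.strip()]
    # Walk right to left: the right-most entry was appended by nginx
    # ($proxy_add_x_forwarded_for); anything further left is client-supplied.
    for hop in reversed(hops):
        client_ip = hop
        if not is_internal(hop):
            break
    proto = headers.get("X-Forwarded-Proto")
    if proto is None:
        return client_ip, "http", False  # header absent: connector scheme is kept
    secure = proto.lower() == "https"  # protocolHeaderHttpsValue="https"
    return client_ip, "https" if secure else "http", secure


if __name__ == "__main__":
    # Constructed request: the client sent its own X-Forwarded-For value and
    # nginx appended the real peer address after it.
    print(resolve("127.0.0.1", {"X-Forwarded-For": "192.0.2.99, 203.0.113.7",
                                "X-Forwarded-Proto": "https"}))
```

Because the default trusted ranges cover entire private networks, the headers are only as trustworthy as the path to port 8080. Binding the Connector to loopback with address="127.0.0.1", or narrowing the valve's internalProxies attribute to the nginx host, keeps other hosts from supplying them.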

Reposted from blog.csdn.net/a1513049385/article/details/88297613