1,未配置前Nginx的配置
server { listen 80; server_name www.***.cn; return 301 https://$server_name$request_uri; location / { # proxy_pass http://localhost:8080; # proxy_redirect off; # proxy_set_header Host $host; # proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; # proxy_set_header X-Real-IP $remote_addr; } # #rewrite ^(.*) https://$server_name$1 permanent; # } server { listen 443 ssl; server_name www.***.cn; ssl_certificate /etc/nginx/cert/4369939_www.***.cn.pem; ssl_certificate_key /etc/nginx/cert/4369939_www.***.cn.key; ssl_session_timeout 5m; ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; location / { # proxy_set_header X-Real-IP $remote_addr; # proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_cookie_path / "/; httponly; secure; SameSite=Lax"; # proxy_set_header X-Forwarded-Proto https; # proxy_set_header Host $http_host; # proxy_set_header X-NginX-Proxy true; proxy_pass http://localhost:8080; # proxy_redirect on; } }
2,修改后的配置,添加紅色字體帶下划線的配置后就解決NginxURL地址無效問題,但是瀏覽器控制台會出現
Mixed Content: The page at ‘https://XXX’ was loaded over HTTPS, but requested an insecure........報錯,
在使用tomcat+nginx時。Nginx使用https,tomcat使用http。使用iframe之類框架,在重定向時會出現以上問題導致頁面加載不出來。這是因為Tomcat不能知道Nginx發來的是http還是https。
讓tomcat知道nginx發來的是http還是https。默認情況下,nginx得到的https的訪問會以http的方式發給負載的tomcat。
解決方法:
1.加入下面藍色字體配置
2.在tomcat的server.xml Engine 模塊下配置一個 Value,最后重啟tomcat和Nginx即可。
<Valve className="org.apache.catalina.valves.RemoteIpValve" remoteIpHeader="X-Forwarded-For" protocolHeader="X-Forwarded-Proto" protocolHeaderHttpsValue="https"/>
借鑒:https://blog.csdn.net/qq_27114677/article/details/77848078
server { listen 80; server_name www.***.cn; return 301 https://$server_name$request_uri; location / { # proxy_pass http://localhost:8080; # proxy_redirect off; # proxy_set_header Host $host; # proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; # proxy_set_header X-Real-IP $remote_addr; } # #rewrite ^(.*) https://$server_name$1 permanent; # } server { listen 443 ssl; server_name www.***.cn; ssl_certificate /etc/nginx/cert/4369939_www.***.cn.pem; ssl_certificate_key /etc/nginx/cert/4369939_www.***.cn.key; ssl_session_timeout 5m; ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384; ssl_prefer_server_ciphers off; rewrite https://$server_name/login permanent; location / { proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_cookie_path / "/; httponly; secure; SameSite=Lax"; proxy_set_header X-Forwarded-Proto https; proxy_set_header Host $Host:$server_port; # proxy_set_header X-NginX-Proxy true; proxy_pass http://localhost:8080; # proxy_redirect on; } }