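What is the correct configuration in server.xml when nginx manages SSL? My current configuration causes a "redirect loop" unless I mark the Tomcat standard connector as "secure", which is not what I want. My app requires https for all requests and redirects to https if http is used. If I set secure="true", it no longer redirects, but the "redirect loop" is gone. What am I doing wrong?
My current Tomcat server.xml:
Nginx conf: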
server {
    listen 80 default_server;
    # server_name takes a space-separated list, not a comma-separated one
    server_name localhost mydomain.com;
    location / {
        add_header 'Access-Control-Allow-Origin' '*';
        proxy_pass http://localhost:8080/;
        proxy_redirect off;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # tells Tomcat the client connected over plain HTTP
        proxy_set_header X-Forwarded-Proto http;
        proxy_send_timeout 6000;
    }
}
server {
    # server_name takes a space-separated list, not a comma-separated one
    server_name localhost mydomain.com;
    # "listen ... ssl" replaces the deprecated "ssl on;" directive
    listen 443 ssl;
    ssl_session_timeout 5m;
    # SSLv2, SSLv3 and TLSv1 are broken or deprecated; allow only current TLS versions
    ssl_protocols TLSv1.2 TLSv1.3;
    # make sure you already have this certificate pair!
    ssl_certificate /etc/nginx/cert/server.crt;
    ssl_certificate_key /etc/nginx/cert/server.key;
    ssl_session_cache shared:SSL:10m;
    # 497: plain HTTP request sent to the HTTPS port; redirect it to https
    error_page 497 https://$host:$server_port$request_uri;
    # Our endpoint for tomcat reverse-proxy, assuming your endpoint java-servlet knows
    # how to handle http://localhost/gadgets requests
    location / {
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        # tells Tomcat the client connected over HTTPS
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header X-Url-Scheme $scheme;
        proxy_redirect off;
        proxy_connect_timeout 240;
        proxy_send_timeout 240;
        proxy_read_timeout 240;
        # note, there is no SSL here! plain HTTP is used
        proxy_pass http://localhost:8080/;
    }
}
Best answer
Changes made so that Tomcat / Spring will set the correct secure cookie flag:
Make sure Tomcat has the SSL (443) redirect port in server.xml:
Make sure your RemoteIpValve is set in your Host in server.xml:
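
The two server.xml settings this answer names, shown as an added example; this is not the answerer's original XML, which is missing from this page. The loopback `address`, the `internalProxies` pattern and the remaining attribute values are assumptions chosen to match the nginx configuration in the question (nginx on the same machine, forwarding `X-Forwarded-For` and `X-Forwarded-Proto`).

```xml
<!-- Added example: fragments of Tomcat conf/server.xml (values are assumptions). -->
<Service name="Catalina">

  <!-- Plain-HTTP connector that nginx proxies to.
       address: bound to loopback so only the local nginx can reach it and
                clients cannot bypass the proxy and send forged headers.
       redirectPort: port Tomcat uses when a request needs a secure transport;
                443 is the port nginx terminates TLS on.
       secure is NOT set here: the valve below decides per request. -->
  <Connector port="8080" protocol="HTTP/1.1"
             address="127.0.0.1"
             connectionTimeout="20000"
             redirectPort="443" />

  <Engine name="Catalina" defaultHost="localhost">
    <Host name="localhost" appBase="webapps"
          unpackWARs="true" autoDeploy="true">

      <!-- RemoteIpValve rewrites the request from the proxy headers.
           internalProxies: only requests arriving from these addresses have
                their X-Forwarded-* headers honoured (here: local nginx only).
           protocolHeader / protocolHeaderHttpsValue: when nginx sends
                "X-Forwarded-Proto: https" the request is treated as
                scheme=https, secure=true, server port 443, so the app stops
                redirecting and secure cookies are issued.
           When nginx sends "X-Forwarded-Proto: http" (port 80 server block)
                the request stays insecure and the app redirects once to
                https, which ends the loop. -->
      <Valve className="org.apache.catalina.valves.RemoteIpValve"
             internalProxies="127\.0\.0\.1|0:0:0:0:0:0:0:1|::1"
             remoteIpHeader="X-Forwarded-For"
             protocolHeader="X-Forwarded-Proto"
             protocolHeaderHttpsValue="https"
             httpsServerPort="443" />

    </Host>
  </Engine>
</Service>
```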