nginx managed SSL with Tomcat 7


Problem description

What is the proper configuration in server.xml to have nginx manage SSL? My current configuration results in a "redirect loop" unless I mark the tomcat standard connection "secure" which is not what I want. My app requires https for all requests and redirects to https if http is used. If I set secure="true" it no longer redirects but the "redirect loop" is gone. What am I doing wrong?

My current tomcat server.xml:

 <Connector port="8080" protocol="HTTP/1.1"
               connectionTimeout="20000"
               URIEncoding="UTF-8"
               redirectPort="8443" proxyPort="443"/>

Nginx conf:

    server {
        listen 80 default_server;
        # server_name takes space-separated names; a comma becomes part of the name
        server_name localhost mydomain.com;

        location / {
            add_header 'Access-Control-Allow-Origin' '*';
            proxy_pass        http://localhost:8080/;
            proxy_redirect    off;
            proxy_set_header  Host               $host;
            proxy_set_header  X-Real-IP          $remote_addr;
            proxy_set_header  X-Forwarded-For    $proxy_add_x_forwarded_for;
            proxy_set_header  X-Forwarded-Proto  http;
            proxy_send_timeout 6000;
        }
    }

    server {
        server_name localhost mydomain.com;
        listen 443;

        ssl on;
        ssl_session_timeout 5m;
        # SSLv2 and SSLv3 are broken protocols; list only current TLS versions here
        ssl_protocols SSLv2 SSLv3 TLSv1;
        # make sure you already have this certificate pair!
        ssl_certificate /etc/nginx/cert/server.crt;
        ssl_certificate_key /etc/nginx/cert/server.key;
        ssl_session_cache shared:SSL:10m;
        error_page 497 https://$host:$server_port$request_uri;

        # Our endpoint for tomcat reverse-proxy, assuming your endpoint java-servlet knows
        # how to handle http://localhost/gadgets requests
        location / {
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header Host $http_host;
            proxy_set_header X-Forwarded-Proto https;
            proxy_set_header X-Url-Scheme $scheme;
            proxy_redirect off;
            proxy_connect_timeout      240;
            proxy_send_timeout         240;
            proxy_read_timeout         240;
            # note, there is no SSL here! plain HTTP is used
            proxy_pass http://localhost:8080/;
        }
    }

Recommended answer

Need to handle the x-forwarded-by and x-forwarded-proto headers in Tomcat. Add the following to your server.xml:

<Valve className="org.apache.catalina.valves.RemoteIpValve"
           remoteIpHeader="x-forwarded-for"
           remoteIpProxiesHeader="x-forwarded-by"
           protocolHeader="x-forwarded-proto"
    />
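
Why the loop happens and why the valve ends it, shown as an added example that is not part of the original question or answer: a simplified Python model of the browser -> nginx -> Tomcat round trip. The function names, the trusted-proxy list and the peer addresses are constructed for illustration; Tomcat's RemoteIpValve makes the equivalent trust decision through its internalProxies setting, which is what stops a client that reaches Tomcat directly from claiming HTTPS with a forged header.

```python
import ipaddress

# Constructed trust list: only the local nginx may assert the original scheme.
TRUSTED_PROXIES = [ipaddress.ip_network("127.0.0.0/8")]

def is_secure(peer_ip, headers, connector_secure=False, valve_enabled=True):
    """What the app sees as request.isSecure() (simplified model)."""
    if connector_secure:      # secure="true": every request claims HTTPS
        return True
    if not valve_enabled:     # plain HTTP connector, forwarded header ignored
        return False
    peer = ipaddress.ip_address(peer_ip)
    if not any(peer in net for net in TRUSTED_PROXIES):
        return False          # header from an untrusted peer is ignored
    return headers.get("x-forwarded-proto", "").lower() == "https"

def app_response(peer_ip, headers, path, **tomcat):
    """The asker's app rule: redirect anything not secure to https."""
    if is_secure(peer_ip, headers, **tomcat):
        return 200, None
    return 302, "https://" + headers.get("host", "localhost") + path

def follow(start_scheme, path="/", max_hops=5, **tomcat):
    """Follow redirects through nginx to Tomcat; returns (status, hops)."""
    scheme = start_scheme
    for hop in range(max_hops):
        # nginx sets the header from the listener that accepted the request
        headers = {"host": "mydomain.com", "x-forwarded-proto": scheme}
        status, location = app_response("127.0.0.1", headers, path, **tomcat)
        if status == 200:
            return status, hop
        scheme = location.split(":", 1)[0]
    return "redirect loop", max_hops

if __name__ == "__main__":
    print("no valve:       ", follow("http", valve_enabled=False))
    print("with valve:     ", follow("http", valve_enabled=True))
    print("secure=\"true\":  ", follow("http", connector_secure=True))
    print("spoofed header: ", is_secure("203.0.113.7", {"x-forwarded-proto": "https"}))
```

With secure="true" the model never redirects at all, which matches the behaviour described in the question; with the valve, plain HTTP is redirected once and HTTPS is served directly.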
