前言
之前web应用程序代码里用到HttpServletRequest.getScheme()
得到的是http,但是启用了nginx的SSL后,确得到的不是https
如何配置Nginx和Tomcat整合,请看:https://blog.terrynow.com/2021/02/13/linux-nginx-tomcat-config-load-balance/
如何在nginx启用SSL,请看:https://blog.terrynow.com/2021/02/15/nginx-https-ssl-config/
下面解决如何让HttpServletRequest.getScheme()
得到正确的scheme
配置tomcat 在conf/server.xml下,<Host/>下,看下面『加入如下代码』部分
<Host name="localhost" appBase="webapps" unpackWARs="true" autoDeploy="true"> <!-- SingleSignOn valve, share authentication between web applications Documentation at: /docs/config/valve.html --> <!-- <Valve className="org.apache.catalina.authenticator.SingleSignOn" /> --> <!-- Access log processes all example. Documentation at: /docs/config/valve.html Note: The pattern used is equivalent to using pattern="common" --> <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs" prefix="localhost_access_log" suffix=".txt" pattern="%h %l %u %t "%r" %s %b" /> <!-加入如下代码---> <Valve className="org.apache.catalina.valves.RemoteIpValve" remoteIpHeader="X-Forwarded-For" protocolHeader="X-Forwarded-Proto" protocolHeaderHttpsValue="https"/> </Host>
配置nginx 在config ssl的地方,看下面『加入如下代码』部分
location / { proxy_redirect off; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; #加入如下代码 proxy_set_header X-Forwarded-Proto $scheme; proxy_pass http://127.0.0.1:8080; }
好了,重启tomcat和nginx,就可以得到正确的scheme了
文章评论