nginx反响代理tomcat配置ssl

[root@ceshi conf]# cat /application/nginx/conf/vhost/tomcat_jjn.conf

server {

    listen 80;

    server_name yan.jjn.com;

    rewrite ^(.*) https://$server_name$1 permanent;

}

server {

    listen 443;

    server_name localhost;

    ssl on;

    root html;

    index index.html index.htm;

    ssl_certificate   cert/*.pem;

    ssl_certificate_key  cert/*.key;

    ssl_session_timeout 5m;

    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;

    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

    ssl_prefer_server_ciphers on;

    location / {

        root html;

        index index.html index.htm;

    }

     location ~ .*$ {

                       proxy_redirect off;

                       proxy_set_header Host $http_$host;

                       proxy_set_header X-Real-IP $remote_addr;

                       proxy_set_header X-Scheme $scheme;

                       proxy_set_header X-SSL-Protocol $ssl_protocol;

                       proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

                       proxy_set_header X-HTTPS-Protocol $ssl_protocol;

                       #对应tomcat的server.xml的设置

                       proxy_set_header X-FORWARDED-PROTO $scheme;

                       expires -1;

                       proxy_pass http://127.0.0.1:8891;

   }

      access_log /application/nginx/logs/jjn.log main;

}

 [root@ceshi conf]# vim   /application/tomcat/conf/server.xml

注意：需要修改这里，非常重要

<Valve className="org.apache.catalina.valves.RemoteIpValve"

               remoteIpHeader="X-Forwarded-For"

               protocolHeader="X-Forwarded-Proto"

               remoteIpProxiesHeader="x-forwarded-by" />