一、反向代理端
server {
listen 443 ssl http2;
server_name xlcp.nmgzhxy.cn;
index index.html index.htm index.php;
ssl_certificate /root/.acme.sh/xys.cn/fullchain.cer;
ssl_certificate_key /root/.acme.sh/xys.cn/xys.cn.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
client_max_body_size 1000m;
client_header_buffer_size 128k;
large_client_header_buffers 4 128k;
location / {
proxy_pass http://172.22.70.110:8090/;
proxy_redirect http:// $scheme://; # 必须配置:
#proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme; # 必须配置
#proxy_set_header X-Forwarded-Proto $http_X_Forwarded_Proto;
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
proxy_max_temp_file_size 0;
proxy_connect_timeout 90;
proxy_send_timeout 90;
proxy_read_timeout 90;
proxy_buffer_size 4k;
proxy_buffers 4 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;
}
}
二、Tomcat服务端
在tomat的server.xml
配置中添加如下配置:tomcat\conf\server.xml
<Valve className="org.apache.catalina.valves.RemoteIpValve"
remoteIpHeader="X-Forwarded-For"
protocolHeader="X-Forwarded-Proto"
protocolHeaderHttpsValue="https"/>
最后重启nginx和Tomcat服务。