1,未配置前Nginx的配置

       server {
            listen 80;
        server_name www.***.cn;
        return 301 https://$server_name$request_uri;

        location / {
#                            proxy_pass http://localhost:8080;
#                            proxy_redirect off;
#                            proxy_set_header Host $host;
#                            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
#                            proxy_set_header X-Real-IP $remote_addr;                                                       
                            }
#            #rewrite ^(.*) https://$server_name$1 permanent;
#            
       }

        server {            
            listen 443 ssl;
            server_name www.***.cn;

            ssl_certificate    /etc/nginx/cert/4369939_www.***.cn.pem;
            ssl_certificate_key   /etc/nginx/cert/4369939_www.***.cn.key;
            ssl_session_timeout 5m;
            ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
            ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
            ssl_prefer_server_ciphers on;    

            location / { 
#                proxy_set_header X-Real-IP $remote_addr;
#                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                               proxy_cookie_path / "/; httponly; secure; SameSite=Lax";
#                proxy_set_header X-Forwarded-Proto https;
#                proxy_set_header Host $http_host;
#                proxy_set_header X-NginX-Proxy true;
                proxy_pass http://localhost:8080;
#                proxy_redirect on;
            }   
        }

2,修改后的配置,添加红色字体带下划线的配置后就解决NginxURL地址无效问题,但是浏览器控制台会出现

Mixed Content: The page at ‘https://XXX’ was loaded over HTTPS, but requested an insecure........报错,

在使用tomcat+nginx时。Nginx使用https,tomcat使用http。使用iframe之类框架,在重定向时会出现以上问题导致页面加载不出来。这是因为Tomcat不能知道Nginx发来的是http还是https。

让tomcat知道nginx发来的是http还是https。默认情况下,nginx得到的https的访问会以http的方式发给负载的tomcat。

解决方法:

  1.加入下面蓝色字体配置

  2.在tomcat的server.xml  Engine 模块下配置一个 Value,最后重启tomcat和Nginx即可。

<Valve className="org.apache.catalina.valves.RemoteIpValve"

remoteIpHeader="X-Forwarded-For" protocolHeader="X-Forwarded-Proto"

protocolHeaderHttpsValue="https"/>

 

借鉴:https://blog.csdn.net/qq_27114677/article/details/77848078

server {
                listen 80;
                server_name www.***.cn;
                return 301 https://$server_name$request_uri;

                location / {
#                                                       proxy_pass http://localhost:8080;
#                                                       proxy_redirect off;
#                                                       proxy_set_header Host $host;
#                                                       proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
#                                                       proxy_set_header X-Real-IP $remote_addr;
                                                        }
#                       #rewrite ^(.*) https://$server_name$1 permanent;
#
       }

                server {
                        listen 443 ssl;
                        server_name www.***.cn;

                        ssl_certificate    /etc/nginx/cert/4369939_www.***.cn.pem;
                        ssl_certificate_key   /etc/nginx/cert/4369939_www.***.cn.key;
                        ssl_session_timeout 5m;
                        ssl_protocols TLSv1.2 TLSv1.3;
                        ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
                        ssl_prefer_server_ciphers off;

                        rewrite https://$server_name/login permanent;

                        location / {
                                proxy_set_header X-Real-IP $remote_addr;
                                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                                proxy_cookie_path / "/; httponly; secure; SameSite=Lax";
                                proxy_set_header X-Forwarded-Proto https;
                                proxy_set_header Host $Host:$server_port;
#                               proxy_set_header X-NginX-Proxy true;
                                proxy_pass http://localhost:8080;
#                               proxy_redirect on;
                        }
                }