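1. Background
1.1 A Tomcat + Struts project
1.2 HTTPS is supported; nginx terminates TLS (certificate offloading), and nginx still talks to Tomcat over plain HTTP
1.3 The service listens on a port other than 80 or 443
1.4 The back end builds the service address with: String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";

2. Problem solved
2.1 Symptom: after the service was switched to HTTPS, the static resource URLs returned by the login page used port 443, although neither nginx nor Tomcat is configured with port 443
2.2 Cause: once the back-end service supports HTTPS, the port must be specified explicitly in Tomcat through httpsServerPort (an attribute of RemoteIpValve, see the Tomcat configuration below); otherwise request.getServerPort() returns 443 by default
When httpsServerPort is not specified, the port in the red area of the figure is 443

3. Complete configuration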
nginx configuration:
server {
    listen 1234 ssl;
    ssl_session_timeout 5m;
    # TLSv1 and TLSv1.1 are deprecated (RFC 8996); drop them where clients allow
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_certificate ../ssl/full_chain_rsa.crt;
    ssl_certificate_key ../ssl/privateKey.key;
    access_log logs/access.log web_entry;

    # Static resources are served directly by nginx
    location ~.*\.(html|htm|ico|png|jpg|jpeg|js|css|bmp)$ {
        limit_except GET POST OPTIONS {
            deny all;
        }
        root /home/boco4a/hswx/;
    }

    # Everything else is proxied to Tomcat over plain HTTP
    location / {
        limit_except GET POST OPTIONS {
            deny all;
        }
        proxy_set_header Host $host:$server_port;
        proxy_set_header X-Real-IP $remote_addr;
        # Read by RemoteIpValve (protocolHeader) to restore the https scheme
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_redirect off;
        proxy_pass http://127.0.0.1:11234;
    }
}

Tomcat configuration:
<Service name="Back">
    <Connector port="11234" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="1234" proxyPort="1234" URIEncoding="UTF-8" />
    <Connector port="2234" protocol="AJP/1.3" redirectPort="1234" />
    <Engine name="Catalina" defaultHost="localhost">
        <Realm className="org.apache.catalina.realm.LockOutRealm">
            <Realm className="org.apache.catalina.realm.UserDatabaseRealm" resourceName="UserDatabase" />
        </Realm>
        <Host name="localhost" appBase="webapps" unpackWARs="true" autoDeploy="true">
            <Valve className="org.apache.catalina.valves.AccessLogValve"
                   directory="logs"
                   prefix="localhost_access_log."
                   suffix=".txt" pattern="%h %l %u %t &quot;%r&quot; %s %b" />
            <!-- httpsServerPort must match the external nginx port; it defaults to 443 when omitted -->
            <Valve className="org.apache.catalina.valves.RemoteIpValve"
                   remoteIpHeader="X-Forwarded-For"
                   remoteIpProxiesHeader="X-Forwarded-By"
                   protocolHeader="X-Forwarded-Proto"
                   httpsServerPort="1234"
            />
            <Context path="/test" docBase="/home/test11/test" reloadable="false" crossContext="true" />
        </Host>
    </Engine>
</Service>
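
The following added example (not code from the original post and not Tomcat source) is a simplified model of how RemoteIpValve chooses the scheme and port that request.getScheme() and request.getServerPort() return, showing why basePath ends up with 443 when httpsServerPort is omitted. The class name ForwardedPortModel, the host example.test, and the loopback-only trusted-proxy pattern are assumptions made for illustration; it needs Java 16 or later.

```java
import java.util.regex.Pattern;

// Simplified model of the scheme/port decision made by RemoteIpValve.
// Not Tomcat source code; class and method names are hypothetical.
public class ForwardedPortModel {
    // Assumption: nginx runs on the same host, so only loopback peers are trusted.
    static final Pattern INTERNAL_PROXIES =
            Pattern.compile("127\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}");

    record Effective(String scheme, int port) {}

    // connectorScheme/connectorPort: what the HTTP connector reports on its own
    // (with proxyPort="1234" on the connector, the port is 1234).
    static Effective resolve(String remoteAddr, String forwardedProto,
                             String connectorScheme, int connectorPort,
                             int httpServerPort, int httpsServerPort) {
        // Forwarded headers are honoured only when the peer is a trusted proxy.
        if (forwardedProto == null || !INTERNAL_PROXIES.matcher(remoteAddr).matches()) {
            return new Effective(connectorScheme, connectorPort);
        }
        if ("https".equalsIgnoreCase(forwardedProto)) {
            return new Effective("https", httpsServerPort);
        }
        return new Effective("http", httpServerPort);
    }

    // Same concatenation as the basePath line in section 1.4.
    static String basePath(Effective e, String serverName, String path) {
        return e.scheme() + "://" + serverName + ":" + e.port() + path + "/";
    }

    public static void main(String[] args) {
        String host = "example.test"; // constructed sample host
        // httpsServerPort left at its default (443): links point at a port nobody serves.
        System.out.println(basePath(resolve("127.0.0.1", "https", "http", 1234, 80, 443), host, "/test"));
        // httpsServerPort="1234", as in the configuration above.
        System.out.println(basePath(resolve("127.0.0.1", "https", "http", 1234, 80, 1234), host, "/test"));
        // The same header from an untrusted peer is ignored; connector values are kept.
        System.out.println(basePath(resolve("203.0.113.9", "https", "http", 1234, 80, 1234), host, "/test"));
    }
}
```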