Hands-on: Switching from HTTP to HTTPS

Source: Internet
Author: User
Tags install openssl openssl library

The server side uses Nginx + Tomcat.

Nginx: SSL on

Tomcat: SSL off

Steps:

1. Modify the code: change externally referenced HTTP JS and CSS files to HTTPS. If an external link does not support HTTPS, download the static file into the project and reference it from there.

2. Place the HTTPS security certificate that was requested into the Nginx directory.

3. Modify the Nginx configuration file: turn on SSL support and reference the security certificate in the configuration file.

4. Enable Nginx WebSocket support.

5. In the JS and in the app, change the referenced WebSocket address from ws to wss.

6. The system directly invokes an external platform's details page; it has to be proxied under the HTTPS domain name, otherwise the page cannot be accessed.

7. Run ./nginx -t to test whether the configuration file loads successfully; if it does, reload the Nginx configuration with ./nginx -s reload.

8. The FastDFS file server is left without HTTPS for now; its HTTP files can still be accessed.
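A check for steps 1 and 5, added here as an example and not part of the original post: it scans a rendered page for sub-resources still loaded over http:// and for ws:// or http:// URLs in inline JavaScript, which a browser blocks or flags as mixed content once the page is served over HTTPS. The sample page and all host names are constructed; `allowed_hosts` is a hypothetical parameter for hosts deliberately left on HTTP, such as the FastDFS server in step 8.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# (tag, attribute) pairs that make the browser fetch a sub-resource.
FETCH_ATTRS = {("script", "src"), ("link", "href"), ("img", "src"), ("iframe", "src")}
# Quoted ws:// or http:// URLs inside inline JavaScript.
JS_URL = re.compile(r"""["']((ws|http)://([^"'/\s:]+)[^"']*)["']""")

class InsecureRefFinder(HTMLParser):
    def __init__(self, allowed_hosts=()):
        super().__init__()
        self.allowed = set(allowed_hosts)  # hosts deliberately left on HTTP
        self.findings = []                 # (line, kind, url)
        self.in_script = False

    def handle_starttag(self, tag, attrs):
        self.in_script = (tag == "script")
        for name, value in attrs:
            if (tag, name) in FETCH_ATTRS and value:
                url = urlsplit(value)
                if url.scheme == "http" and url.hostname not in self.allowed:
                    self.findings.append((self.getpos()[0], tag, value))

    def handle_endtag(self, tag):
        self.in_script = False

    def handle_data(self, data):
        if not self.in_script:
            return
        for m in JS_URL.finditer(data):
            if m.group(3) not in self.allowed:
                line = self.getpos()[0] + data.count("\n", 0, m.start())
                self.findings.append((line, "js:" + m.group(2), m.group(1)))

def scan(html, allowed_hosts=()):
    finder = InsecureRefFinder(allowed_hosts)
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed sample page; all host names are placeholders.
SAMPLE = """<html><head>
<link rel="stylesheet" href="http://cdn.example.com/site.css">
<script src="https://cdn.example.com/app.js"></script>
</head><body>
<img src="http://files.example.internal/group1/pic.jpg">
<a href="http://partner.example.org/">partner</a>
<script>var sock = new WebSocket("ws://app.example.com/track");</script></body></html>"""
```

Plain `<a href>` links are not reported because following a link is navigation, not a sub-resource load.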

Test points after the upgrade is complete

1. Every page of the system and its icons can be accessed normally.

2. The interfaces called by the app can be accessed normally.

3. Pictures and videos on the app and web tracking pages display normally.

4. The Clear Technology reference page can be accessed normally.

5. The large monitoring screen can be accessed normally and its data displays normally.

6. The platform's HTTPS interfaces can be invoked by external platforms.

Precautions:

1. Nginx is missing the SSL module

On CentOS, the following error occurred when configuring HTTPS in Nginx:

nginx: [emerg] unknown directive "ssl" in /usr/local/nginx/conf/nginx.conf:102

A) Go to the extracted Nginx directory and run:

./configure --with-http_ssl_module

When executing the above statement, this error appears: ./configure: error: SSL modules require the OpenSSL library.

Install the OpenSSL packages with:

yum -y install openssl openssl-devel

B) Re-run ./configure

./configure --with-http_ssl_module

Then run make. Remember not to run make install, which would overwrite the existing installation.

C) Back up the original Nginx

cp /usr/local/nginx/sbin/nginx /usr/local/nginx/sbin/nginx.bak

Overwrite the old nginx with the new one:

cp objs/nginx /usr/local/nginx/sbin/nginx

If this fails with the error cp: cannot create regular file '/usr/local/nginx/sbin/nginx': Text file busy, solve it with:

cp -rfp objs/nginx /usr/local/nginx/sbin/nginx

D) Test that Nginx is correct

/usr/local/nginx/sbin/nginx -t

(nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful)

E) Restart Nginx

/usr/local/nginx/sbin/nginx -s reload

2. Getting the correct HTTPS protocol from request.getScheme()

A) Configure the Nginx forwarding item. The configuration file is nginx.conf; add the following:

proxy_set_header X-Forwarded-Proto $scheme;

B) Configure Tomcat. The configuration file is server.xml; add the following:

<!-- Read the client address and original protocol from the headers set by the Nginx proxy -->
<Valve className="org.apache.catalina.valves.RemoteIpValve"
       remoteIpHeader="X-Forwarded-For"
       protocolHeader="X-Forwarded-Proto"
       protocolHeaderHttpsValue="https"/>

3. Nginx's location matching order

The syntax for location is as follows: location [=|~|~*|^~] /uri/ { ... }

In Nginx, locations are divided into two categories: normal locations and regular locations. A "normal location" is a /uri/ that is prefixed with "=" or "^~", or has no prefix, including "/". A "regular location" is a /uri/ prefixed with "~" or "~*".

So if a server block contains multiple locations, in what order does Nginx match a client request against them?

The official website describes it as follows: the normal locations are matched first, taking the longest prefix match, and then the regular locations are matched. If a regular location matches, it is used; if more than one could match, the first match is used. If the regular match fails, the longest-prefix normal location is used. Nginx also provides a number of mechanisms to interrupt this order, namely "^~", "=", or an exact location match.

The simple sequence is as follows:

First, a normal location with "=" (exact match);

Then a normal location whose URL matches exactly;

Then a normal location configured with "^~";

Then the regular matches;

Then the other normal location matches;

Last, the generic "/" match.
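A small model of the selection order in the official-website paragraph above, added here as an example and not taken from Nginx or the original post. It matters when access rules or proxy settings sit in one location and a different location ends up handling the request. The location list is constructed, and Python's `re` stands in for Nginx's PCRE.

```python
import re

def select_location(locations, uri):
    """Return the (modifier, pattern) pair that would handle `uri`.

    `locations` lists (modifier, pattern) in config-file order; modifier is
    one of "", "=", "^~", "~", "~*". Regexes use Python's `re` here, an
    approximation of PCRE that is adequate for simple patterns.
    """
    best = None  # longest matching prefix location found so far
    for mod, pat in locations:
        if mod == "=" and uri == pat:
            return (mod, pat)          # exact match ends the search at once
        if mod in ("", "^~") and uri.startswith(pat):
            if best is None or len(pat) > len(best[1]):
                best = (mod, pat)
    if best and best[0] == "^~":
        return best                    # "^~" suppresses the regex phase
    for mod, pat in locations:         # regexes: first match in file order wins
        if mod in ("~", "~*"):
            flags = re.IGNORECASE if mod == "~*" else 0
            if re.search(pat, uri, flags):
                return (mod, pat)
    return best                        # longest prefix, possibly just "/"

# Constructed location list (not from the original page), in file order.
LOCATIONS = [
    ("", "/"),
    ("=", "/login"),
    ("^~", "/static/"),
    ("", "/api/"),
    ("~*", r"\.(png|jpg|css|js)$"),
    ("~", r"^/api/v\d+/"),
]

def demo():
    uris = ["/login", "/static/logo.png", "/img/Logo.PNG",
            "/api/v2/app.js", "/api/v2/users", "/api/health", "/about"]
    return {u: select_location(LOCATIONS, u) for u in uris}
```

In the sample, /api/v2/app.js is handled by the image/script regex rather than the /api/ prefix or the later /api/v regex, because the prefix match does not stop the regex phase and the first matching regex in file order wins.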
