Nginx SSL + Tomcat cluster: HTTPS on Nginx, no HTTPS on Tomcat
I recently finished a web project whose architecture is Nginx in front of a Tomcat cluster, with HTTPS across the whole site. Nginx does the load balancing, and Nginx and Tomcat communicate over plain HTTP on the intranet. I ran into a problem where static resources such as CSS and JS were referenced over HTTP and blocked by the browser. Many articles on the web say that enabling HTTPS for Nginx + Tomcat requires configuring SSL support on both Nginx and Tomcat. Today's post is a summary.

Problems encountered:
1. Nginx forcing HTTPS access (HTTP redirects to HTTPS)
2. Static resources such as JS and CSS loaded over HTTP are blocked by the browser (HTTP is not trusted)

Final solution
First, solve the first problem: site-wide HTTPS.
Three approaches, shared here for reference:
Nginx's rewrite method
server {
    listen 192.168.1.111:80;
    server_name test.com;
    # permanently redirect every HTTP request to the same path over HTTPS
    rewrite ^(.*)$ https://$host$1 permanent;
}
Nginx's 497 status code (this is the method I chose)
server {
    listen 192.168.1.11:443;  # SSL port
    listen 192.168.1.11:80;   # users habitually use HTTP, so also listen on 80; the 497 status code below then redirects them to port 443
    server_name test.com;
    # enable SSL support for this server {...}
    ssl on;
    # certificate file in PEM format
    ssl_certificate /etc/nginx/test.pem;
    # private key file in PEM format
    ssl_certificate_key /etc/nginx/test.key;
    # redirect HTTP requests to HTTPS
    error_page 497 https://$host$uri?$args;
}
index.html page refresh
When index.html is accessed over HTTP, it automatically jumps to HTTPS.
Next, solve the second problem.
If Nginx and Tomcat are not configured to use X-Forwarded-Proto, Tomcat cannot correctly distinguish HTTP from HTTPS. The static resources referenced by Tomcat are then treated as HTTP and blocked by the browser, because request.getScheme() always returns http rather than the actual scheme (http or https).
Configuring Nginx and Tomcat separately is enough.
Configure the forwarding headers in Nginx:
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
Configure a Valve under the Engine element of Tomcat's server.xml:
    <Valve className="org.apache.catalina.valves.RemoteIpValve"
           remoteIpHeader="X-Forwarded-For"
           protocolHeader="X-Forwarded-Proto"
           protocolHeaderHttpsValue="https"/>
Configuration for a non-80 port
Add the following configuration to Nginx:
    proxy_set_header Host $host:$server_port;  # non-80 port; with port 80, $server_port is not needed
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
Tomcat server.xml configuration:
<Engine name="Catalina" defaultHost="localhost">
    <Valve className="org.apache.catalina.valves.RemoteIpValve"
           remoteIpHeader="X-Forwarded-For"
           protocolHeader="X-Forwarded-Proto"
           protocolHeaderHttpsValue="https" httpsServerPort="7001"/>
    <!-- On a non-80 port you must add the httpsServerPort setting,
         otherwise request.getServerPort() returns 443. -->
</Engine>
For more about RemoteIpValve, see the documentation:
http://tomcat.apache.org/tomcat-6.0-doc/api/org/apache/catalina/valves/RemoteIpValve.html
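
The following is a simplified model of what the Nginx headers and the RemoteIpValve settings above do to each request, written as an added Python example (it is not Tomcat's code and not from the original post). The trusted-network list, the connector port 8080 and the client address 203.0.113.9 are assumptions made for the illustration.

```python
import ipaddress

# Assumption: peers on these networks count as the trusted reverse proxy
# (this stands in for the valve's internal-proxy setting).
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "192.168.0.0/16", "127.0.0.0/8")]


def is_internal(addr):
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:          # malformed hop: never treat it as trusted
        return False
    return any(ip in net for net in INTERNAL_NETS)


def apply_valve(peer_addr, headers, connector_port=8080,
                http_server_port=80, https_server_port=443):
    """Return what the webapp would see: remote address, scheme, server port."""
    seen = {"remote_addr": peer_addr, "scheme": "http",
            "server_port": connector_port}
    # Forwarded headers are honoured only when the TCP peer is the proxy;
    # a client that reaches Tomcat directly cannot claim to be on HTTPS.
    if not is_internal(peer_addr):
        return seen
    # Walk X-Forwarded-For right to left and stop at the first hop that is
    # not an internal proxy: that is the real client.
    hops = [h.strip() for h in headers.get("X-Forwarded-For", "").split(",")
            if h.strip()]
    for hop in reversed(hops):
        if not is_internal(hop):
            seen["remote_addr"] = hop
            break
    proto = headers.get("X-Forwarded-Proto")
    if proto is not None:       # header absent: scheme and port stay untouched
        https = proto.lower() == "https"
        seen["scheme"] = "https" if https else "http"
        seen["server_port"] = https_server_port if https else http_server_port
    return seen


if __name__ == "__main__":
    # Constructed sample: Nginx at 192.168.1.11 proxies an HTTPS request
    # received on port 7001 from client 203.0.113.9.
    via_nginx = {"X-Forwarded-For": "203.0.113.9", "X-Forwarded-Proto": "https"}
    print(apply_valve("192.168.1.11", via_nginx, https_server_port=7001))
    print(apply_valve("192.168.1.11", via_nginx))   # httpsServerPort left at default
    print(apply_valve("192.168.1.11", {}))          # Nginx headers not configured
    print(apply_valve("203.0.113.9", via_nginx))    # direct hit, headers ignored
```

The third call reproduces the symptom from the post (scheme stays http when the headers are missing), and the second shows why httpsServerPort must be set when Nginx listens on a non-default port.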