Nginx SSL + Tomcat cluster: getting request.getScheme() to return the correct https scheme

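The architecture is an Nginx + Tomcat cluster. SSL is configured on nginx, Tomcat runs without SSL, and the project is served over HTTPS.

However, even though the request is clearly an https URL, the log shows:
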
0428 15:55:55 INFO  (PaymentInterceptor.java:44) preHandle() - requestStringForLog:    {
        "request.getRequestURL():": "http://trade.feilong.com/payment/paymentChannel?id=212&s=a84485e0985afe97fffd7fd7741c93851d83a4f6",
        "request.getMethod:": "GET",
        "_parameterMap":         {
            "id": ["212"],
            "s": ["a84485e0985afe97fffd7fd7741c93851d83a4f6"]
        }
    }
 
request.getRequestURL() always outputs http://trade.feilong.com/payment/paymentChannel?id=212&s=a84485e0985afe97fffd7fd7741c93851d83a4f6
but the URL in the browser is https://trade.feilong.com/payment/paymentChannel?id=212&s=a84485e0985afe97fffd7fd7741c93851d83a4f6

 

Changes I made so that Tomcat/Spring would set the proper Secure cookie flags:

Make sure Tomcat had SSL (443) redirect port running in server.xml:

<Service name="Catalina">
  ...
  <Connector executor="tomcatThreadPool"
    port="8080" protocol="HTTP/1.1"
    connectionTimeout="20000"
    redirectPort="8443" />
  ...
</Service> 

Ensure your RemoteIpValve is set up inside your host in server.xml:

<Service name="Catalina">
  ...
  <Engine name="Catalina" defaultHost="localhost">
    ...
    <Host name="localhost"  appBase="webapps"
        unpackWARs="true" deployOnStartup="true" autoDeploy="true">
      ...
      <!-- Mark HTTP as HTTPS forward from SSL termination at nginx proxy -->
      <Valve className="org.apache.catalina.valves.RemoteIpValve"
        remoteIpHeader="x-forwarded-for"
        remoteIpProxiesHeader="x-forwarded-by"
        protocolHeader="x-forwarded-proto"
        />
    </Host>
  </Engine>
</Service> 

Ensure that the protocol is being forwarded from its termination point in nginx.conf:

# Tomcat we're forwarding to
upstream tomcat_server {
  server 127.0.0.1:9090 fail_timeout=0;
}

# Main server proxy
server {
  listen 443 ssl;
  server_name  sample.com;

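  # HTTPS setup
  # TLS is enabled by the "ssl" parameter on the listen directive above;
  # the separate "ssl on;" directive is obsolete and was removed in nginx 1.25.1.
  ssl_session_timeout 10m;
  ssl_session_cache shared:SSL:10m;

  # SSL ciphers
  ...
  # SSL certs
  ...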

  location / {

    # Forward SSL so that Tomcat knows what to do
    proxy_set_header X-Forwarded-Host $host;
    proxy_set_header X-Forwarded-Server $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_pass http://tomcat_server;
    proxy_set_header X-Forwarded-Proto https;

    proxy_redirect off;
    proxy_connect_timeout      240;
    proxy_send_timeout         240;
    proxy_read_timeout         240;

    # Show error pages from S3 when down
    proxy_next_upstream error timeout http_502 http_503 http_504;
    error_page   502 503 504   https://s3.amazonaws.com/sample.com/maint;
  }
}
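
The Valve and the nginx header only work as a pair: Tomcat rewrites the scheme only when the connection comes from a proxy address it trusts. The following is an added example, not code from the original post or from Tomcat; it is a simplified Python model of how RemoteIpValve treats the headers configured above, and the Request class, the function name and the loopback-only internalProxies value are assumptions for illustration.

```python
import re
from dataclasses import dataclass

# Assumption: nginx and Tomcat share a host (the page's upstream is 127.0.0.1),
# so only loopback is trusted, as with internalProxies="127\.0\.0\.1".
INTERNAL_PROXIES = re.compile(r"127\.0\.0\.1")


@dataclass
class Request:
    """Connector-level view of a request before any valve runs (hypothetical type)."""
    remote_addr: str
    headers: dict  # header names lower-cased
    scheme: str = "http"
    secure: bool = False
    server_port: int = 8080


def remote_ip_valve(req, internal=INTERNAL_PROXIES, https_port=443, http_port=80):
    """Simplified model of RemoteIpValve using the page's three header attributes."""
    # Forwarding headers are honoured only when the TCP peer is a trusted proxy.
    if not internal.fullmatch(req.remote_addr):
        return req
    # Walk X-Forwarded-For right to left, skipping trusted proxy hops.
    xff = req.headers.get("x-forwarded-for", "")
    for hop in reversed([h.strip() for h in xff.split(",") if h.strip()]):
        req.remote_addr = hop
        if not internal.fullmatch(hop):
            break
    proto = req.headers.get("x-forwarded-proto")
    if proto is not None:
        # Every comma-separated value must be "https" to count as secure.
        req.secure = all(p.strip().lower() == "https" for p in proto.split(","))
        req.scheme = "https" if req.secure else "http"
        req.server_port = https_port if req.secure else http_port
    return req


# Constructed sample requests (documentation-range addresses).
via_nginx = remote_ip_valve(Request("127.0.0.1", {
    "x-forwarded-for": "203.0.113.7", "x-forwarded-proto": "https"}))
not_via_proxy = remote_ip_valve(Request("198.51.100.9", {
    "x-forwarded-for": "192.0.2.1", "x-forwarded-proto": "https"}))
print(via_nginx)
print(not_via_proxy)
```

The request that arrives through nginx ends up with scheme https, secure set and the original client address, while the one that did not come from the trusted proxy keeps the connector's http values. In a real deployment the matching safeguard is to keep the Tomcat connector reachable only from nginx and to set internalProxies to the proxy's address.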

