nginx https配置

1、在nginx安装目录下创建cert目录并将.pem和.key的证书拷贝到该目录下
.crt文件：是证书文件，crt是pem文件的扩展名。
.key文件：证书的私钥文件

配置文件：


worker_processes auto;
worker_cpu_affinity auto;
error_log /var/log/nginx/error.log crit;
worker_rlimit_nofile 65535;
events {
        use epoll;
        worker_connections 65535;
        }
http {
        include mime.types;
        default_type    application/octet-stram;
        server_tokens   off;
server_names_hash_bucket_size 64;
        sendfile        on;
        keepalive_timeout 65;
        gzip  on;
        gzip_http_version 1.1;
        gzip_vary on;
        gzip_comp_level 6;
        gzip_proxied any;
        gzip_types text/plain  text/css application/json  application/x-javascript text/xml application/xml application/xml+rss text/javascript application/x-shockwave-flash image/png image/x-icon image/gif image/jpeg;
        gzip_buffers 16 8k;

upstream yx {
        server 172.168.2.234:8080 weight=1;
        session_sticky;
        }

#重定向
server {
listen 80;
server_name  yxlx.hufe.edu.cn;
rewrite ^(.*) https://$server_name$1 permanent;
}



  server {
        #配置上文的80监听这一行不用配
        listen 80;
listen              443 ssl;  
        server_name  yxlx.hufe.edu.cn;
ssl_certificate     /usr/nginx/cert/star_hufe_edu_cn.pem;
        ssl_certificate_key     /usr/nginx/cert/myprivate_ov.key;
        ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers         HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers on;
        location /zhxy {
                proxy_pass      http://172.168.2.234:6080;
                include         proxy.conf;
                proxy_set_header X-Forwarded-Proto  $scheme;
         }
        




        location ^~ /WEB-INF {
                deny all;
                }

   }















}




2、在tomcat 的server.xml文件中的 Engine 模块下配置一个 Valve：

<Valve className="org.apache.catalina.valves.RemoteIpValve" 
remoteIpHeader="X-Forwarded-For" 
protocolHeader="X-Forwarded-Proto" 
protocolHeaderHttpsValue="https"/>