環(huán)境中前端一臺(tái)nginx��,後端tomcat�����,現(xiàn)在要對(duì)client到nginx的請(qǐng)求進(jìn)行ssl加密,考慮到速度的影響�,只對(duì)動(dòng)態(tài)請(qǐng)求加密(即所有已.do結(jié)尾的請(qǐng)求),其它js/png 等檔案不加密�,為避免https與http混排的問題,jsp也不加密����。
nginx.conf主要配置:
server {
listen 80;
server_name localhost;
...
location / {
root /apps/oa/oaapp/OA1;
index index.jsp index.html;
}
location ~ .*\.do$ {
rewrite ^(.*)$ https://ittest.example.com permanent;
}
}
server {
listen 443;
server_name ittest.example.com;
ssl on;
...
location / {
proxy_set_header Host $host:$server_port;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://localhost:8080/;
}
例如現(xiàn)在訪問登入頁面login.html時(shí),發(fā)送使用者名稱密碼請(qǐng)求http://ittest.example.com/member/login.do���,依照上面的規(guī)則應(yīng)該被rewrite到https://ittest.example.com/member/login.do處理���,我從chrome也確實(shí)看到了301重定向了,但是�,新的https請(qǐng)求方法變成了GET,使用者名稱密碼資訊也沒從http傳送過去��。請(qǐng)問該怎麼解決?
