環(huán)境中前端一臺nginx,后端tomcat,現(xiàn)在要對client到nginx的請求進(jìn)行ssl加密,考慮到速度的影響,只對動態(tài)請求加密(即所有已.do
結(jié)尾的請求),其它js/png 等文件不加密,為避免https與http混排的問題,jsp也不加密。nginx.conf
主要配置:
server {
listen 80;
server_name localhost;
...
location / {
root /apps/oa/oaapp/OA1;
index index.jsp index.html;
}
location ~ .*\.do$ {
rewrite ^(.*)$ https://ittest.example.com permanent;
}
}
server {
listen 443;
server_name ittest.example.com;
ssl on;
...
location / {
proxy_set_header Host $host:$server_port;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://localhost:8080/;
}
比如現(xiàn)在訪問登錄頁面login.html時,發(fā)送用戶名密碼請求http://ittest.example.com/member/login.do
,按照上面的規(guī)則應(yīng)該被rewrite到https://ittest.example.com/member/login.do
處理,我從chrome也確實看到了301重定向了,但是,新的https請求方法變成了GET,用戶名密碼信息也沒從http傳送過去。請問該怎么解決?
301就是這樣的,可以嘗試配置307狀態(tài)碼,在現(xiàn)代瀏覽器中它不會把post轉(zhuǎn)化為get
[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![] +[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[] +!+[]]+(!![]+[])[+!+[]]]([][(![]+[])[+[]]+([![]]+[ ][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[ +[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]]+[ ])[!+[]+!+[]+!+[]]+(!![]+[][(![]+[])[+[]]+([![]]+[ ][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[ +[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]])[ +!+[]+[+[]]]+([][[]]+[])[+!+[]]+(![]+[])[!+[]+!+[] +!+[]]+(!![]+[])[+[]]+(!![]+[])[+!+[]]+([][[]]+[]) [+[]]+([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]] ]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[ ]+!+[]+!+[]]+(!![]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]] +(!![]+[])[+[]]+(!![]+[][(![]+[])[+[]]+([![]]+[][[ ]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[] ]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]])[+!+ []+[+[]]]+(!![]+[])[+!+[]]()