后端tomcat不开启https，用nginx反向代理使网站同时支持http和https协议总结

网站架构如下：



1、修改nginx配置文件，注释处都是修改要注意的地方        listen 80;
        listen 443 ssl;#添加ssl支持
        server_name localhost;

        #ssl on;#不要开启，否则只能用https,访问http会报nginx 400错误
        ssl_certificate 1_sd.com_bundle.crt; #文件放在conf目录下
        ssl_certificate_key 2_sd.com.key; #文件放在conf目录下
        ssl_session_timeout 5m;
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on;

        location ~ .*\.(php|jsp|cgi|page|action|service|do|ajax|html|htm)?$ {
            proxy_set_header   Host             $host:80;
            proxy_set_header X-Forwarded-For $remote_addr;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-Proto  $scheme; #反向代理时透传给后端tomcat，用户使访问协议，tomcat后面也需要添加配置接收此参数

            proxy_pass http://backend_server;             proxy_redirect http:// $scheme://; #防止redirect跳回http
            expires   1s;
            add_header Cache-Control maxage=1;
            add_header Pragma public;
        }

2、修改tomcat配置文件server.xml，接收nginx透传过来的协议类型<Valve className="org.apache.catalina.valves.RemoteIpValve"
remoteIpHeader="X-Forwarded-For"
protocolHeader="X-Forwarded-Proto"
protocolHeaderHttpsValue="https"/>