环境中前端一台nginx,后端tomcat,现在要对client到nginx的请求进行ssl加密,考虑到速度的影响,只对动态请求加密(即所有已.do
结尾的请求),其它js/png 等文件不加密,为避免https与http混排的问题,jsp也不加密。nginx.conf
主要配置:
server {
listen 80;
server_name localhost;
...
location / {
root /apps/oa/oaapp/OA1;
index index.jsp index.html;
}
location ~ .*\.do$ {
rewrite ^(.*)$ https://ittest.example.com permanent;
}
}
server {
listen 443;
server_name ittest.example.com;
ssl on;
...
location / {
proxy_set_header Host $host:$server_port;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://localhost:8080/;
}
比如现在访问登录页面login.html时,发送用户名密码请求http://ittest.example.com/member/login.do
,按照上面的规则应该被rewrite到https://ittest.example.com/member/login.do
处理,我从chrome也确实看到了301重定向了,但是,新的https请求方法变成了GET,用户名密码信息也没从http传送过去。请问该怎么解决?
301就是这样的,可以尝试配置307状态码,在现代浏览器中它不会把post转化为get
[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![] +[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[] +!+[]]+(!![]+[])[+!+[]]]([][(![]+[])[+[]]+([![]]+[ ][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[ +[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]]+[ ])[!+[]+!+[]+!+[]]+(!![]+[][(![]+[])[+[]]+([![]]+[ ][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[ +[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]])[ +!+[]+[+[]]]+([][[]]+[])[+!+[]]+(![]+[])[!+[]+!+[] +!+[]]+(!![]+[])[+[]]+(!![]+[])[+!+[]]+([][[]]+[]) [+[]]+([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]] ]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[ ]+!+[]+!+[]]+(!![]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]] +(!![]+[])[+[]]+(!![]+[][(![]+[])[+[]]+([![]]+[][[ ]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[] ]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]])[+!+ []+[+[]]]+(!![]+[])[+!+[]]()