环境中前端一台nginx,后端tomcat,现在要对client到nginx的请求进行ssl加密,考虑到速度的影响,只对动态请求加密(即所有已.do结尾的请求),其它js/png 等文件不加密,为避免https与http混排的问题,jsp也不加密。nginx.conf主要配置:
server {
listen 80;
server_name localhost;
...
location / {
root /apps/oa/oaapp/OA1;
index index.jsp index.html;
}
location ~ .*\.do$ {
rewrite ^(.*)$ https://ittest.example.com$1 permanent;
}
}
server {
listen 443;
server_name ittest.example.com;
ssl on;
...
location / {
proxy_set_header Host $host:$server_port;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://localhost:8080/;
}
比如现在访问登录页面login.html时,发送用户名密码请求http://ittest.example.com/member/login.do,按照上面的规则应该被rewrite到https://ittest.example.com/member/login.do处理,我从chrome也确实看到了301重定向了,但是,新的https请求方法变成了GET,用户名密码信息也没从http传送过去。请问该怎么解决?
301就是这样的,可以尝试配置307状态码,在现代浏览器中它不会把post转化为get
[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]]([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(!![]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]])[+!+[]+[+[]]]+([][[]]+[])[+!+[]]+(![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[+!+[]]+([][[]]+[])[+[]]+([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]])[+!+[]+[+[]]]+(!![]+[])[+!+[]]()