根据项目需求,需要在 nginx 上配置 SSL 证书:客户端通过 https 访问域名,由 nginx 终止 TLS 后再以 http 反向代理到后端的 tomcat 程序。同时需要把 80 端口的 http 请求强制跳转到 https。
80配置添加
# Placed at server level in the port-80 block: every request is answered with a
# permanent (301) redirect to the same path on https.
# The target host is ${server_name} (the name configured in this server block),
# not the Host header sent by the client, so the redirect cannot be pointed at
# an arbitrary host by a forged Host header.
rewrite ^(.*)$ https://${server_name}$1 permanent;
完整配置信息如下
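# Plain-HTTP listener: its only job is to send clients to the HTTPS site.
# (Directives are one per line; when the whole block sits on a single line,
# everything after the first '#' is parsed as a comment and the block never closes.)
server {
    listen 80;
    server_name abc.111.com;

    # force redirect http to https
    # Server-level rewrite runs before location matching, so every request gets
    # the 301 and the location blocks below are not reached while it is present.
    # ${server_name} is the configured name, not the client-supplied Host header.
    # Equivalent form without a regex: return 301 https://$server_name$request_uri;
    rewrite ^(.*)$ https://${server_name}$1 permanent;

    #access_log logs/host.access.log main;

    location / {
        root html;
        index index.html index.htm;
    }

    #error_page 404 /404.html;

    # redirect server error pages to the static page /50x.html
    #error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root html;
    }
}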
443 SSL配置
在location或者server里面添加
# Rewrites the "Location" and "Refresh" headers returned by the proxied server:
# a leading http:// is replaced with the scheme the client used ($scheme, here
# https), so backend redirects do not send the browser back to plain http.
# The pattern matches any host, so redirects to other sites are rewritten too.
proxy_redirect http:// $scheme://;
完整配置信息如下
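# HTTPS listener: terminates TLS and reverse-proxies /app to the local Tomcat
# over plain http on the loopback interface.
# (Directives are one per line; when the whole block sits on a single line,
# everything after the first '#' is parsed as a comment.)
server {
    listen 443 ssl;
    server_name abc.111.com;
    root html;
    index index.html index.htm;

    # The private key must be readable only by the account that runs nginx;
    # restrict the file's ACL and keep it out of backups and version control.
    ssl_certificate C:/nginx/cert/server.crt;
    ssl_certificate_key C:/nginx/cert/server.key;
    ssl_session_timeout 30m;

    # intermediate configuration
    # TLS 1.2/1.3 only, forward-secret AEAD suites; with no weak suites in the
    # list the client's preference order is accepted.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305;
    ssl_prefer_server_ciphers off;

    # Once HTTPS is confirmed working for this name, HSTS makes browsers skip
    # the initial plain-http request that the port-80 redirect cannot protect:
    #add_header Strict-Transport-Security "max-age=63072000" always;

    # Applies to every location in this server; a large limit lets any client
    # upload up to 100 MB, so narrow it to the locations that need it if possible.
    client_max_body_size 100m;

    # X-Real-IP carries the address nginx saw. X-Forwarded-For appends that
    # address to whatever the client already sent, so the backend should trust
    # only the last entry (or X-Real-IP) for logging and access decisions.
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    # Tells the backend the client connection was https; it has an effect only
    # if the backend is configured to honour it (e.g. Tomcat's RemoteIpValve).
    proxy_set_header X-Forwarded-Proto $scheme;

    # HTTP Force Jump to HTTPS
    # Rewrites http:// in upstream Location/Refresh headers to the client's
    # scheme. The pattern matches any host; if the backend only redirects to
    # this site, a narrower rule such as
    #   proxy_redirect http://$host/ https://$host/;
    # leaves redirects to other hosts untouched (verify against the headers
    # Tomcat actually sends).
    proxy_redirect http:// $scheme://;

    # To resolve nginx 504 issue
    # Values are seconds. Long read/send timeouts keep worker connections tied
    # up on slow upstream responses; prefer the smallest value that works and
    # scope it to the slow location. nginx documents that the connect timeout
    # usually cannot exceed 75 seconds.
    proxy_connect_timeout 600;
    proxy_send_timeout 600;
    proxy_read_timeout 600;

    # SVN Server
    # Backend is reached over loopback only; make sure the service on port 8888
    # is itself bound to 127.0.0.1 so it cannot be reached around nginx.
    location /app {
        proxy_pass http://127.0.0.1:8888;
    }
}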