你需要做的几件事...

You need to do a few things ...

1. 在 nginx 方面，使用来自 RFC7239 的标准 Forwarded 标头，而不是 X-Forwarded-* 标头.这是因为 X-Forwarded-* 标头不是标准，并且在它们的用法上存在冲突.(在您的示例中，您将端口分开，这现在也与端口的host"、proto"和for"用法冲突)

1. On the nginx side, Use the Standard Forwarded header from RFC7239, not the X-Forwarded-* headers. This is because the X-Forwarded-* headers are not a standard and conflict in meaning across their usage. (in your example, you made the port separate, which now conflicts with the "host", "proto", and "for" usages for the port as well)

在 Jetty 端，启用 ForwardedRequestCustomizer.这将查找各种转发标头并更新请求的权限、原型和安全".适当地标记.

On the Jetty side, enable the ForwardedRequestCustomizer. This will look for the various Forwarding headers and update the request's authority, protos, and "is secure" flags appropriately.

在 Jetty 端，将 HttpConfiguration.securePort 配置为 nginx 上 SSL/TLS 的端口，而不是 Jetty 本身使用的端口.

On the Jetty side, configure the HttpConfiguration.securePort to be the port for your SSL/TLS on your nginx, not the port that Jetty itself uses.