windows server 下nginx与tomcat的一些配置心得
2021-03-14 00:28
标签:baidu protoc use protocol lse direct remote 评估 ado 最近两天一直在为客户解决主机和站点的漏洞问题(绿盟科技“远程安全评估系统”),针对相关漏洞,最常见的就是升级相关软件版本。 一般升级到最新版本即可,本次就将nginx从1.13.6升级到1.17.9,tomcat从8.5.16升级到了8.5.51。 先将部署结构图简单描述如下: 1、tomcat配置 软件升级完之后最常见的就是配置了,tomcat的配置相对简单,需要修改的地方有两处: \conf\server.xml \conf\web.xml 紧挨着web-app根标签修改为如下结构: 2、nginx的配置 \conf\nginx.conf 配置如下: 3、tomcat与nginx启动之后,在服务器本地上有两种方式对服务进行访问: 4、与服务器处于同一个局域网的电脑上访问 需要注意服务器上都是开放了哪些端口,只能访问允许的端口,否则需要创建新的入站规则,如果想要开放9005端口,在控制面板-防火墙-新建入站规则,将9005端口添加进去。 5、如果在一个nginx下配置两个测试地址,那么就要在nginx里配置两个server,监听两个端口。每个server映射一个tomcat,两个tomcat下分别放新代码和旧代码,那么就可以做到配置两个环境。 同样需要注意的是监听的端口要对外开放。根据端口的不同访问不同的服务,此时的配置图如下: windows server 下nginx与tomcat的一些配置心得 标签:baidu protoc use protocol lse direct remote 评估 ado 原文地址:https://www.cnblogs.com/tank073/p/12512573.html
#user nobody;
worker_processes 16;
error_log logs/error.log;
error_log logs/error.log notice;
error_log logs/error.log info;
events {
worker_connections 10240;
}
http {
include mime.types;
default_type application/octet-stream;
server_token off;
log_format main ‘$remote_addr - $remote_user [$time_local] "$request" ‘
‘$status $body_bytes_sent "$http_referer" ‘
‘"$http_user_agent" "$http_x_forwarded_for"‘;
access_log logs/access.log main;
sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
## Start: Timeouts ##
client_body_timeout 10;
client_header_timeout 10;
keepalive_timeout 30;
send_timeout 10;
keepalive_requests 10;
## End: Timeouts ##
#gzip on;
map $http_upgrade $connection_upgrade {
default upgrade;
‘‘ close;
}
upstream xuehua {
ip_hash;
server 127.0.0.1:9005;
server 127.0.0.1:9006;
server 127.0.0.1:9007;
server 127.0.0.1:9008;
server 127.0.0.1:9009;
}
upstream xuehua2 {
ip_hash;
server 127.0.0.1:9019;
}
upstream myserver {
ip_hash;
server 127.0.0.1:35001;
server 127.0.0.1:35002;
}
server {
listen 8081;
server_name localhost;
location ^~ /api/Message {
proxy_pass http://myserver/Message;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header X-Real-IP $remote_addr;
}
location ^~ /api/ {
proxy_pass http://myserver/;
proxy_set_header X-Real-IP $remote_addr;
}
#配置防盗链
location ~* ^.+\.(gif|jpg|png|swf|flv|rar|zip)$ {
valid_referers none blocked server_names *.ahcrb.net.cn
http://localhost baidu.com;
if ($invalid_referer) {
rewrite ^/ [img]http://ahcrb.net.cn/images/default/logo.gif[/img];
# return 403;
}
}
#location / {
# allow 127.0.0.1;
# deny all;
#}
location / {
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_set_header Accept-Encoding "";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header REMOTE-HOST $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_connect_timeout 10;
proxy_read_timeout 200;
proxy_send_timeout 90;
proxy_pass http://xuehua2/;
}
error_page 403 404 /404.html;
location =/404.html {
internal;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
server {
listen 8082;
server_name 172.16.90.29;
location ^~ /api/Message {
proxy_pass http://myserver/Message;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header X-Real-IP $remote_addr;
}
location ^~ /api/ {
proxy_pass http://myserver/;
proxy_set_header X-Real-IP $remote_addr;
}
#location / {
# allow 127.0.0.1;
# deny all;
#}
location / {
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_set_header Accept-Encoding "";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header REMOTE-HOST $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_connect_timeout 10;
proxy_read_timeout 200;
proxy_send_timeout 90;
proxy_pass http://xuehua2/;
}
error_page 403 404 /404.html;
location =/404.html {
internal;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
}
文章标题:windows server 下nginx与tomcat的一些配置心得
文章链接:http://soscw.com/index.php/essay/64336.html