Nginx https+ tomcat http
2021-02-11 13:20
标签:protoc unp ali server apache -name XML 连接 ati 最终配置的方案是浏览器和 Nginx 之间走的 HTTPS 通讯,而 Nginx 到 Tomcat 通过 proxy_pass 走的是普通 HTTP 连接。 下面是详细的配置(Nginx 端口 80/443,Tomcat 的端口 8080): Nginx 这一侧的配置没什么特别的: 其中最为关键的就是 ssl_certificate 和 ssl_certificate_key 这两项配置,其他的按正常配置。不过多了一个 proxy_set_header X-Forwarded-Proto https; 配置。 最主要的配置来自 Tomcat,下面是我测试环境中的完整 server.xml:upstream tomcat {
server 127.0.0.1:8080 fail_timeout=0;
}
# HTTPS server
server {
listen 443 ssl;
server_name localhost;
ssl_certificate /Users/winterlau/Desktop/SSL/oschina.bundle.crt;
ssl_certificate_key /Users/winterlau/Desktop/SSL/oschina.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Proto https;
proxy_redirect off;
proxy_connect_timeout 240;
proxy_send_timeout 240;
proxy_read_timeout 240;
# note, there is not SSL here! plain HTTP is used
proxy_pass http://tomcat;
}
}
xml version=‘1.0‘ encoding=‘utf-8‘?>
Server port="8005" shutdown="SHUTDOWN">
Service name="Catalina">
Connector port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="443"
proxyPort="443"/>
Engine name="Catalina" defaultHost="localhost">
Host name="localhost" appBase="webapps"
unpackWARs="true" autoDeploy="true">
Valve className="org.apache.catalina.valves.RemoteIpValve"
remoteIpHeader="x-forwarded-for"
remoteIpProxiesHeader="x-forwarded-by"
protocolHeader="x-forwarded-proto"
/>
Context path="" docBase="/oschina/webapp" reloadable="false"/>
Host>
Engine>
Service>
Server>
上述的配置中没有什么特别的,但是特别特别注意的是必须有 proxyPort="443",这是整篇文章的关键,当然 redirectPort 也必须是 443。同时
Nginx https+ tomcat http
标签:protoc unp ali server apache -name XML 连接 ati
原文地址:https://www.cnblogs.com/hmII/p/13040978.html