Reverse-proxying Tomcat with nginx for HTTPS access under a domain name
2020-05-18 343
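There are two ways to have the reverse proxy serve the site over HTTPS under a domain name.
Method 1: nginx handles HTTPS, Tomcat serves plain HTTP
1. Edit Tomcat's server.xml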
<!-- Modified block 1 -->
<Connector port="8080" protocol="HTTP/1.1"
           connectionTimeout="20000"
           redirectPort="443"
           proxyPort="443" />
<!-- Modified block 2 -->
<Connector port="8009" protocol="AJP/1.3" redirectPort="443" />
2. Edit nginx's nginx.conf
upstream tomcat {
    server 127.0.0.1:8080 fail_timeout=0;
}
server {
    listen 443 ssl;              # the "ssl" parameter enables TLS on this listener
    server_name www.itwps.com;   # domain name
    ssl_certificate 1_itwps.com_bundle.crt;   # change to the location of your certificate file
    ssl_certificate_key 2_itwps.com.key;      # change to the location of your key file
    ssl_session_timeout 5m;
    ssl_protocols TLSv1.2 TLSv1.3;            # TLSv1 and TLSv1.1 are deprecated (RFC 8996)
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
    ssl_prefer_server_ciphers on;
    location / {
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-Proto https;
        proxy_redirect off;
        proxy_connect_timeout 240;
        proxy_send_timeout 240;
        proxy_read_timeout 240;
        # note: there is no SSL here, plain HTTP is used between nginx and Tomcat
        proxy_pass http://tomcat;   # must match the upstream name "tomcat" defined above
    }
}
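Once the configuration above is in place, restart Tomcat and nginx. If you have a project, put it in the webapps folder.
Method 2: nginx handles HTTPS and Tomcat also serves HTTPS
1. Configure Tomcat's server.xml. You can also refer to this article: http://www.itwps.com/d072/0664 (enabling HTTPS in Tomcat with a .jks certificate)

Figure 1

Figure 2
Add or modify the following code: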
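<!-- Added/modified block 1 -->
<Connector port="your port number" protocol="org.apache.coyote.http11.Http11NioProtocol"
           maxThreads="150" SSLEnabled="true">
    <SSLHostConfig>
        <!-- certificateKeystoreFile: location of the .jks certificate -->
        <Certificate certificateKeystoreFile="cret/www.itwps.com.jks"
                     certificateKeystorePassword="private-key password from the SSL certificate application"
                     type="RSA" />
    </SSLHostConfig>
</Connector>
<!-- Added/modified block 2 -->
<Host name="domain name entered in the SSL certificate application, e.g. www.itwps.com" appBase="webapps"
      unpackWARs="true" autoDeploy="true">
    <!-- Enable the project directory -->
    <Context docBase="full path of the project on the server" path="" />
    <!-- the Host element's other existing children stay here -->
</Host>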
End of the Tomcat changes
2. Edit nginx's nginx.conf configuration file
upstream tomcat {
    server 127.0.0.1:YOUR_TOMCAT_PORT fail_timeout=0;   # the port you configured in Tomcat
}
server {
    listen 443 ssl;              # the "ssl" parameter enables TLS on this listener
    server_name www.itwps.com;   # the domain to be served, e.g. www.itwps.com
    ssl_certificate cert/1_itwps.com_bundle.crt;   # change to the location of your certificate file
    ssl_certificate_key cert/2_itwps.com.key;      # change to the location of your key file
    ssl_session_timeout 5m;
    ssl_protocols TLSv1.2 TLSv1.3;                 # TLSv1 and TLSv1.1 are deprecated (RFC 8996)
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
    ssl_prefer_server_ciphers on;
    location / {
        root html;
        index index.html index.htm;
        proxy_pass https://tomcat;   # HTTPS to the upstream "tomcat" defined above
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-Proto https;
        proxy_redirect off;
        proxy_connect_timeout 240;
        proxy_send_timeout 240;
        proxy_read_timeout 240;
    }
}
End of the nginx changes
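In Method 2 nginx re-encrypts traffic to Tomcat, but by default it does not check the certificate Tomcat presents. The following is an added example, not part of the original article, showing the same server block with upstream certificate verification turned on; the port 8443 and the file cert/tomcat_ca.pem are assumed placeholder values.

```nginx
# Added example (not from the original article).
# Assumed values: Tomcat HTTPS port 8443, CA bundle at cert/tomcat_ca.pem.
upstream tomcat {
    server 127.0.0.1:8443 fail_timeout=0;   # assumed Tomcat HTTPS port
}

server {
    listen 443 ssl;
    server_name www.itwps.com;

    ssl_certificate     cert/1_itwps.com_bundle.crt;
    ssl_certificate_key cert/2_itwps.com.key;
    ssl_protocols       TLSv1.2 TLSv1.3;

    location / {
        proxy_pass https://tomcat;

        # proxy_ssl_verify defaults to off, so without this line nginx
        # accepts any certificate on the nginx -> Tomcat leg.
        proxy_ssl_verify              on;
        proxy_ssl_verify_depth        2;
        # CA certificate(s) that issued the certificate in Tomcat's .jks
        # keystore, in PEM format (assumed path).
        proxy_ssl_trusted_certificate cert/tomcat_ca.pem;

        # The name checked against the certificate defaults to the upstream
        # name "tomcat", which will not match a certificate issued for the
        # domain. Set it explicitly and also send it via SNI.
        proxy_ssl_name                www.itwps.com;
        proxy_ssl_server_name         on;

        # Protocol versions allowed on the upstream connection.
        proxy_ssl_protocols           TLSv1.2 TLSv1.3;

        proxy_set_header Host              $http_host;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
    }
}
```

Run nginx -t after editing; if verification fails at request time, nginx returns 502 and logs an upstream SSL certificate verify error in error.log.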
Note: Method 1 in this article draws on an article by 未未某 on SegmentFault: https://segmentfault.com/a/1190000016584420