nginx 前端https +tomcat 后端 http 非80、443端口反向代理的配置方式

前端nginx https +tomcat http 非80端口配置方式

Nginx增加以下配置

proxy_set_header Host $host:$server_port;   # 非80端口时使用;用80端口时不需要 :$server_port

proxy_set_header X-Real-IP $remote_addr;

proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

proxy_set_header X-Forwarded-Proto $scheme;        # 关键:必须加上这个协议头

Tomcat server.xml配置

<Engine name="Catalina" defaultHost="localhost">

位置: <Host ....中  />

<!-- 方法一: -->
    <Valve className="org.apache.catalina.valves.RemoteIpValve" protocolHeaderHttpsValue="https" remoteIpHeader="X-Forwarded-For" protocolHeader="X-Forwarded-Proto" />

<!-- 方法二: -->
      <Valve className="org.apache.catalina.valves.RemoteIpValve"
             remoteIpHeader="X-Forwarded-For"
             protocolHeader="X-Forwarded-Proto"
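             protocolHeaderHttpsValue="https"  httpsServerPort="7001"/>
<!-- 非80端口时,必须增加httpsServerPort配置,不然request.getServerPort()方法返回 443。注意:RemoteIpValve 只信任来自 internalProxies(默认匹配内网/回环地址)的转发头;若 nginx 不在这些地址段内,需要显式配置 internalProxies,并确保客户端无法绕过 nginx 直接访问 Tomcat 的 HTTP 端口。 -->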
</Engine>

例如:

# Pool of backend Tomcat HTTP connectors that the server block proxies to.
upstream backend {
    # Consistent hashing keyed on the client address, so a given client
    # keeps landing on the same backend while that backend is available.
    hash $remote_addr consistent;

    # After 3 failed attempts within 10s a server is skipped for 10s.
    server 192.168.1.41:4444 fail_timeout=10s max_fails=3;
    server 192.168.1.41:5555 fail_timeout=10s max_fails=3;
}



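# TLS-terminating front end: accepts HTTP/HTTPS and forwards everything to the
# "backend" upstream over plain HTTP, passing the original host, client address
# and scheme so Tomcat's RemoteIpValve can reconstruct the request.
server {
    listen 80;
    listen 443 ssl http2;
    server_name 304350.com;

    #HTTP_TO_HTTPS_END
    # NOTE(review): no HTTP->HTTPS redirect is present, so port 80 serves the
    # site in clear text (X-Forwarded-Proto is then "http"). The error_page 497
    # rule below only covers plain HTTP sent to the TLS port, not port 80.
    ssl_certificate        /ssl/fullchain.pem;
    ssl_certificate_key    /ssl/privkey.pem;
    # TLS 1.1 is deprecated (RFC 8996); only TLS 1.2 and 1.3 are offered.
    ssl_protocols TLSv1.2 TLSv1.3;
    # 3DES suites removed (64-bit block cipher, Sweet32). The remaining RSA+AES
    # suites lack forward secrecy; drop them too if no legacy client needs them.
    ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:!MD5;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;
    # "always" also sends HSTS on error responses generated by nginx.
    add_header Strict-Transport-Security "max-age=31536000" always;
    error_page 497  https://$host$request_uri;
    #SSL-END

    # Refuse requests for .war archives. This block has to come BEFORE the
    # catch-all regex location: nginx picks the first regex location that
    # matches, in file order, so placed after "~ .*" it would never apply.
    location ~ .*\.war$ {
        return 404;
    }

    # Prefix fallback. While the catch-all regex below exists it wins over
    # this block for every request; kept for when that regex is removed.
    location / {
        proxy_pass http://backend;
        # $http_host is the Host header exactly as the client sent it,
        # including a non-default port.
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    # Catch-all so that static resources are also fetched from the backend.
    location ~ .* {
        proxy_pass http://backend;
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    # NOTE(review): the three regex locations below are unreachable because
    # the catch-all above matches first. To make the cache lifetimes effective
    # they would need to move above it and carry their own proxy_pass/headers
    # (they have no root, so nginx would otherwise look for local files).
    location ~ .*\.(gif|jpg|jpeg|bmp|png|ico|txt|js|css)$ {
        expires      12h;
    }

    location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$ {
        expires      30d;
        # "error_log off" does not disable logging; it logs to a file named
        # "off", so the directive is dropped. "access_log off" is the
        # supported way to disable the access log.
        access_log off;
    }

    # The trailing "?" makes the extension group optional, so this pattern
    # matches every URI, not only .js/.css.
    location ~ .*\.(js|css)?$ {
        expires      12h;
        access_log off;
    }
}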

tomcat

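      <!-- Virtual host for the application behind the nginx proxy.
           NOTE(review): autoDeploy="true" deploys any WAR placed in appBase and
           reloadable="true" watches classes for changes; both are development
           conveniences and are usually disabled in production. -->
      <Host name="localhost"  appBase="webapps"
            unpackWARs="true" autoDeploy="true">
            <!-- Add this line. It must be an active element, not wrapped in a comment,
                 otherwise the X-Forwarded-* headers sent by nginx are ignored.
                 The valve only honours these headers when the connection comes from
                 an address matched by internalProxies (default: private/loopback ranges). -->
            <Valve className="org.apache.catalina.valves.RemoteIpValve" protocolHeaderHttpsValue="https" remoteIpHeader="X-Forwarded-For" protocolHeader="X-Forwarded-Proto" />
            <!-- requestAttributesEnabled lets the access log record the client address
                 resolved by RemoteIpValve instead of the proxy's address. -->
            <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
               prefix="localhost_access_log" suffix=".txt"
               requestAttributesEnabled="true"
               pattern="%h %l %u %t &quot;%r&quot; %s %b" />
               <!-- path is the URL path, docBase is the application's actual location.
                    The root context is written as path="" (Tomcat warns about "/" and
                    normalises it to the empty string). -->
          <Context crossContext="true" path=""  docBase="./xxxx" reloadable="true" />
      </Host>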
