概述
一、缘起
由于一个服务器需要部署多个小程序服务端,而小程序必须要使用https协议,需要使用443端口,所以需要将443端口做反向代理。
二、nginx 配置
注意点:
1.ssl_certificate 和 ssl_certificate_key 的路径都是相对于 nginx/conf/ 目录的相对路径
1.5 证书和密钥文件都要放在 nginx/conf/ 下
2.ssl_certificate_key 后面的空格只能有一个,否则找不到文件
3.一个服务 需要3部分 upstream 、server (80)、server (443),需要增加应用,这3个配置复制一份即可
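# nginx front end: terminates TLS on 443 for several host names and forwards
# each one to its own Tomcat connector on loopback. Port 80 only redirects.
worker_processes 1;

events {
    # Upper bound on simultaneous connections per worker process.
    worker_connections 1024;
}

http {
    include mime.types;
    default_type application/octet-stream;
    sendfile on;
    keepalive_timeout 65;

    # Service 1
    upstream community {
        # Backend Tomcat connector, reached over loopback in plain HTTP.
        server 127.0.0.1:8080;
    }

    server {
        listen 80;
        server_name www.moonknightsoft.com;
        # Port 80 exists only to move clients to HTTPS. "return" avoids the
        # regex match of "rewrite", and $server_name (not the client's Host
        # header) decides the redirect target.
        return 301 https://$server_name$request_uri;
    }

    server {
        # NOTE(review): as the first 443 block in this file, nginx also uses it
        # for requests whose Host matches no server_name, so unexpected host
        # names end up on the "community" backend.
        listen 443 ssl;
        server_name www.moonknightsoft.com;

        # Both paths are relative to the nginx conf/ directory.
        # NOTE(review): the private key should be readable only by the account
        # that starts nginx.
        ssl_certificate 1_www.moonknightsoft.com_bundle.crt;
        # Author's note: keep exactly one space after the directive name on the
        # next line; the author reports the file was not found otherwise.
        ssl_certificate_key 2_www.moonknightsoft.com.key;

        # Pin the protocol versions instead of inheriting the build's default,
        # which on older nginx releases still includes TLSv1 and TLSv1.1.
        # TLSv1.3 needs nginx 1.13.0+ linked against OpenSSL 1.1.1+; drop that
        # parameter on older builds.
        ssl_protocols TLSv1.2 TLSv1.3;
        # Session cache shared between workers (1 MB), entries kept 5 minutes.
        ssl_session_cache shared:SSL:1m;
        ssl_session_timeout 5m;
        # HIGH-strength suites only, without anonymous or MD5-based ones.
        ssl_ciphers HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers on;

        location / {
            # Appends the connecting address to whatever X-Forwarded-For the
            # client sent: only the right-most entry is set by this proxy, the
            # entries to its left are client-controlled.
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            # $http_host is the Host header exactly as the client sent it; the
            # backend should not build links or make trust decisions from it.
            proxy_set_header Host $http_host;
            # Tells Tomcat's RemoteIpValve that the original request was HTTPS.
            proxy_set_header X-Forwarded-Proto https;
            proxy_redirect off;
            # 240-second upstream timeouts; lower them if the application does
            # not need requests that long, since slow connections are held open.
            proxy_connect_timeout 240;
            proxy_send_timeout 240;
            proxy_read_timeout 240;
            proxy_pass http://community;
        }
    }

    # Service 2 (repeat the upstream / port-80 server / port-443 server trio
    # for each additional application)
    upstream teacher {
        server 127.0.0.1:8082;
    }

    server {
        listen 80;
        server_name teacher.moonknightsoft.com;
        # HTTPS redirect, same form as service 1.
        return 301 https://$server_name$request_uri;
    }

    server {
        listen 443 ssl;
        server_name teacher.moonknightsoft.com;

        # Paths relative to the nginx conf/ directory; keep the key file
        # readable only by the account that starts nginx.
        ssl_certificate 1_teacher.moonknightsoft.com_bundle.crt;
        ssl_certificate_key 2_teacher.moonknightsoft.com.key;

        # Same TLS policy as service 1 (see the TLSv1.3 build requirement there).
        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_session_cache shared:SSL:1m;
        ssl_session_timeout 5m;
        ssl_ciphers HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers on;

        location / {
            # Right-most X-Forwarded-For entry is set here; the rest is
            # client-supplied.
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header Host $http_host;
            proxy_set_header X-Forwarded-Proto https;
            proxy_redirect off;
            proxy_connect_timeout 240;
            proxy_send_timeout 240;
            proxy_read_timeout 240;
            proxy_pass http://teacher;
        }
    }
}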
三、tomcat 配置
nginx配置了 ssl 证书了,tomcat 就无需配置ssl证书了。tomcat只要做好应用的配置即可。
注意点:
1.Connector 上必须配置 proxyPort="443"
2.必须配置 RemoteIpValve 这个 Valve
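<?xml version="1.0" encoding="UTF-8"?>
<!-- Tomcat server.xml for two Services (community on 8080, teacher on 8082).
     TLS is terminated by the nginx proxy in front, so no HTTPS connector is defined here. -->
<!-- NOTE(review): port 8005 with the command "SHUTDOWN" is Tomcat's stock shutdown listener.
     Consider port="-1" to disable it, or a non-default command string. -->
<Server port="8005" shutdown="SHUTDOWN">
  <Listener className="org.apache.catalina.startup.VersionLoggerListener" />
  <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
  <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
  <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
  <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />

  <GlobalNamingResources>
    <!-- File-backed user database (conf/tomcat-users.xml) used by the realms below. -->
    <Resource name="UserDatabase" auth="Container"
              type="org.apache.catalina.UserDatabase"
              description="User database that can be updated and saved"
              factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
              pathname="conf/tomcat-users.xml" />
  </GlobalNamingResources>

  <Service name="community">
    <!-- Plain-HTTP connector that only the local nginx proxy needs to reach.
         address="127.0.0.1" keeps it off external interfaces, so clients cannot bypass TLS
         or hand forwarded headers straight to Tomcat.
         proxyPort="443" makes the application see the public HTTPS port as its server port. -->
    <Connector port="8080" protocol="HTTP/1.1"
               address="127.0.0.1"
               connectionTimeout="20000"
               redirectPort="443"
               proxyPort="443"/>
    <!-- NOTE(review): both Services name their Engine "Catalina". Tomcat's documentation asks
         for a unique Engine name per Service in one Server. Renaming moves the per-engine
         conf and work directories, so the name is left unchanged here. -->
    <Engine name="Catalina" defaultHost="localhost">
      <!-- LockOutRealm wraps the user database realm to slow down password guessing. -->
      <Realm className="org.apache.catalina.realm.LockOutRealm">
        <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
               resourceName="UserDatabase"/>
      </Realm>
      <!-- NOTE(review): both Hosts point at the same appBase, so each Service deploys the same
           set of web applications; confirm this is intended. autoDeploy="true" also deploys
           anything placed in appBase at runtime; consider turning it off in production. -->
      <Host name="localhost" appBase="/usr/local/tomcat/webapps"
            unpackWARs="true" autoDeploy="true">
        <!-- The quotes around %r must be written as &quot; inside the attribute value,
             otherwise the file is not well-formed XML.
             requestAttributesEnabled="true" makes %h log the client address recovered by
             RemoteIpValve; without it every entry would show the proxy address. -->
        <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs/communityAccess/"
               prefix="community_access_log" suffix=".txt"
               requestAttributesEnabled="true"
               pattern="%h %l %u %t &quot;%r&quot; %s %b" />
        <!-- Restores the client address and the https scheme from the headers nginx sets.
             The valve honours these headers only when the connecting peer matches its
             internalProxies or trustedProxies pattern; the default internalProxies pattern
             covers loopback and private address ranges. -->
        <Valve className="org.apache.catalina.valves.RemoteIpValve"
               remoteIpHeader="x-forwarded-for"
               remoteIpProxiesHeader="x-forwarded-by"
               protocolHeader="x-forwarded-proto"/>
      </Host>
    </Engine>
  </Service>

  <Service name="teacher">
    <!-- Same layout as the community Service: loopback-only HTTP connector behind nginx. -->
    <Connector port="8082" protocol="HTTP/1.1"
               address="127.0.0.1"
               connectionTimeout="20000"
               redirectPort="443"
               proxyPort="443"/>
    <Engine name="Catalina" defaultHost="localhost">
      <Realm className="org.apache.catalina.realm.LockOutRealm">
        <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
               resourceName="UserDatabase"/>
      </Realm>
      <Host name="localhost" appBase="/usr/local/tomcat/webapps"
            unpackWARs="true" autoDeploy="true">
        <!-- &quot; keeps the attribute well-formed; requestAttributesEnabled logs the
             forwarded client address instead of the proxy address. -->
        <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs/teacherAccess/"
               prefix="teacher_access_log" suffix=".txt"
               requestAttributesEnabled="true"
               pattern="%h %l %u %t &quot;%r&quot; %s %b" />
        <!-- Client address and scheme are taken from the headers set by nginx. -->
        <Valve className="org.apache.catalina.valves.RemoteIpValve"
               remoteIpHeader="x-forwarded-for"
               remoteIpProxiesHeader="x-forwarded-by"
               protocolHeader="x-forwarded-proto"/>
      </Host>
    </Engine>
  </Service>
</Server>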