一、缘起
由于一个服务器需要部署多个小程序服务端,而小程序必须要使用https协议,需要使用443端口,所以需要将443端口做反向代理。
二、nginx 配置
注意点:
1.ssl_certificate 和 ssl_certificate_key 都是指 nginx/con/ 下的相对位置
1.5 证书和秘钥文件都要放在nginx/con/ 下
2.ssl_certificate_key 后面的空格只能有一个,否则找不到文件
3.一个服务 需要3部分 upstream 、server (80)、server (443),需要增加应用,这3个配置复制一份即可
复制代码
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82worker_processes 1; events { worker_connections 1024; } http { include mime.types; default_type application/octet-stream; sendfile on; keepalive_timeout 65; # 服务1 upstream community { server 127.0.0.1:8080; } server { listen 80; server_name www.moonknightsoft.com; rewrite ^(.*) https://$server_name$1 permanent; } server { listen 443 ssl; server_name www.moonknightsoft.com; # 注意 这里的位置都是指 nginx/con/ 下的相对位置 ssl_certificate 1_www.moonknightsoft.com_bundle.crt; # 注意 下边这行空格只能有一个 ssl_certificate_key 2_www.moonknightsoft.com.key; ssl_session_cache shared:SSL:1m; ssl_session_timeout 5m; ssl_ciphers HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on; location / { proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $http_host; proxy_set_header X-Forwarded-Proto https; proxy_redirect off; proxy_connect_timeout 240; proxy_send_timeout 240; proxy_read_timeout 240; proxy_pass http://community; } } # 服务2 (多个服务配置多份即可) upstream teacher { server 127.0.0.1:8082; } server { listen 80; server_name teacher.moonknightsoft.com; rewrite ^(.*) https://$server_name$1 permanent; } server { listen 443 ssl; server_name teacher.moonknightsoft.com; ssl_certificate 1_teacher.moonknightsoft.com_bundle.crt; ssl_certificate_key 2_teacher.moonknightsoft.com.key; ssl_session_cache shared:SSL:1m; ssl_session_timeout 5m; ssl_ciphers HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on; location / { proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $http_host; proxy_set_header X-Forwarded-Proto https; proxy_redirect off; proxy_connect_timeout 240; proxy_send_timeout 240; proxy_read_timeout 240; proxy_pass http://teacher; } } }
三、tomcat 配置
nginx配置了 ssl 证书了,tomcat 就无需配置ssl证书了。tomcat只要做好应用的配置即可。
注意点:
1.proxyPort=“443” 必须要
2.Valve RemoteIpValve 必须要
复制代码
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70<?xml version="1.0" encoding="UTF-8"?> <Server port="8005" shutdown="SHUTDOWN"> <Listener className="org.apache.catalina.startup.VersionLoggerListener" /> <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" /> <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" /> <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" /> <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" /> <GlobalNamingResources> <Resource name="UserDatabase" auth="Container" type="org.apache.catalina.UserDatabase" description="User database that can be updated and saved" factory="org.apache.catalina.users.MemoryUserDatabaseFactory" pathname="conf/tomcat-users.xml" /> </GlobalNamingResources> <Service name="community"> <Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="443" proxyPort="443"/> <Engine name="Catalina" defaultHost="localhost"> <Realm className="org.apache.catalina.realm.LockOutRealm"> <Realm className="org.apache.catalina.realm.UserDatabaseRealm" resourceName="UserDatabase"/> </Realm> <Host name="localhost" appBase="/usr/local/tomcat/webapps" unpackWARs="true" autoDeploy="true"> <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs/communityAccess/" prefix="community_access_log" suffix=".txt" pattern="%h %l %u %t "%r" %s %b" /> <Valve className="org.apache.catalina.valves.RemoteIpValve" remoteIpHeader="x-forwarded-for" remoteIpProxiesHeader="x-forwarded-by" protocolHeader="x-forwarded-proto"/> </Host> </Engine> </Service> <Service name="teacher"> <Connector port="8082" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="443" proxyPort="443"/> <Engine name="Catalina" defaultHost="localhost"> <Realm className="org.apache.catalina.realm.LockOutRealm"> <Realm className="org.apache.catalina.realm.UserDatabaseRealm" resourceName="UserDatabase"/> </Realm> <Host name="localhost" appBase="/usr/local/tomcat/webapps" unpackWARs="true" autoDeploy="true"> <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs/teacherAccess/" prefix="teacher_access_log" suffix=".txt" pattern="%h %l %u %t "%r" %s %b" /> <Valve className="org.apache.catalina.valves.RemoteIpValve" remoteIpHeader="x-forwarded-for" remoteIpProxiesHeader="x-forwarded-by" protocolHeader="x-forwarded-proto"/> </Host> </Engine> </Service> </Server>
最后
以上就是漂亮灰狼最近收集整理的关于腾讯云(六)80 和 443端口反向代理 tomcat和nginx的配置的全部内容,更多相关腾讯云(六)80内容请搜索靠谱客的其他文章。
本图文内容来源于网友提供,作为学习参考使用,或来自网络收集整理,版权属于原作者所有。
发表评论 取消回复