概述
之前在一台服务器上发布了两个项目, 然后两个项目要对应不同的域名还需要支持https, 开始的做法是两个项目放到一个tomcat里面,然后通过配置host 和 443 端口
<Host name="api.test1.cn" appBase="webapps" unpackWARs="true" autoDeploy="true">
<Context path="" docBase="test1" debug="0" reloadable="true"/>
<Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
prefix="localhost_access_log" suffix=".txt"
pattern="%h %l %u %t "%r" %s %b" />
</Host>
<Host name="api.test2.com" appBase="webapps" unpackWARs="true" autoDeploy="true">
<Context path="" docBase="test2" reloadable="true" />
<Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
prefix="localhost_access_log" suffix=".txt"
pattern="%h %l %u %t "%r" %s %b" />
</Host>
这里配置https
<Connector port="443" protocol="org.apache.coyote.http11.Http11Nio2Protocol" maxThreads="150" SSLEnabled="true" defaultSSLHostConfigName="api.test1.cn">
<SSLHostConfig hostName="api.test1.cn">
<Certificate certificateKeystoreFile="key/wwwseeyom.keystore" certificateKeystorePassword="qq93085306" type="RSA"/>
</SSLHostConfig>
<SSLHostConfig hostName="api.test2.cn">
<Certificate certificateKeystoreFile="key/a8v5seeyom.keystore" certificateKeystorePassword="tel15008086707" type="RSA"/>
</SSLHostConfig>
</Connector>
这样即可
然后这样总觉得不爽,一个tomat放两个项目,不说占用内存吧, 就重启都需要两个一起
现修改nginx反向代理
nginx安装步骤就不说了, 自己查吧。
如果用nginx做方向代理, 那之前tomcat设置的https也就不用配置了, 也就是两个tomat 两个项目,tomcat都是最原始的配置,修改下端口号即可 比如: 8081 8082
然后修改nginx配置文件,/etc/nginx/nginx.conf (找到自己的配置文件)
upstream api.test1.cn {
#ip_hash;
server 127.0.0.1:8081;
}
upstream api.test2.com {
#ip_hash;
server 127.0.0.1:8082;
}
server {
listen 80;
listen 443 ssl http2 default_server;
listen [::]:443 ssl http2 default_server;
server_name api.starandme.cn;
root /usr/share/nginx/html;
ssl_certificate "/etc/pki/nginx/test1/test1.crt";
ssl_certificate_key "/etc/pki/nginx/test1/test1.rsa";
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 10m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
# Load configuration files for the default server block.
# include /etc/nginx/default.d/*.conf;
location / {
proxy_pass http://api.test1.cn/;
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504 http_404;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto http;
}
error_page 404 /404.html;
location = /40x.html {
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
}
}
server {
listen 80;
listen 443 ssl http2 default_server;
listen [::]:443 ssl http2 default_server;
server_name api.test2.cn;
root /usr/share/nginx/html;
ssl_certificate "/etc/pki/nginx/test2/test2.crt";
ssl_certificate_key "/etc/pki/nginx/test2/test2.rsa";
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 10m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
# Load configuration files for the default server block.
# include /etc/nginx/default.d/*.conf;
location / {
proxy_pass http://api.test2.cn/;
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504 http_404;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto http;
}
error_page 404 /404.html;
location = /40x.html {
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
}
}
然后nginx -t
nginx -s reload 即可
ssl_certificate "/etc/pki/nginx/test2/test2.crt";
ssl_certificate_key "/etc/pki/nginx/test2/test2.rsa";
这个地方的两个文件可以通过下面命令生成:
openssl pkcs12 -in ./YOUR-PFX-FILE.pfx -clcerts -nokeys -out test1.crt openssl pkcs12 -in ./YOUR-PFX-FILE.pfx -nocerts -nodes -out test1.rsa
最后
以上就是明亮雨为你收集整理的记录一次nginx 代理80 443 多tomcat服务的全部内容,希望文章能够帮你解决记录一次nginx 代理80 443 多tomcat服务所遇到的程序开发问题。
如果觉得靠谱客网站的内容还不错,欢迎将靠谱客网站推荐给程序员好友。
发表评论 取消回复