nginx https 反向代理 tomcat的二种方法

前端之家收集整理的这篇文章主要介绍了nginx https 反向代理 tomcat的二种方法前端之家小编觉得挺不错的,现在分享给大家,也给大家做个参考。

Nginx做前端代理分发,tomcat处理请求。Nginx反代tomcat实现https有二个方法

一,Nginx配置https,tomcat也配置https

1,Nginx配置https

upstream https_tomcat_web {
        server 127.0.0.1:8443;
}

server {
        listen       443;
        server_name  www.test.com;
        index index.html;
        root   /var/www/html/test;

        ssl on;
        ssl_certificate /etc/Nginx/go.pem;
        ssl_certificate_key /etc/Nginx/go.key;
        ssl_session_timeout 5m;
        ssl_protocols SSLv2 SSLv3 TLSv1.2;
#        ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
        ssl_prefer_server_ciphers on;

        location ~ ^/admin {
            proxy_pass https://https_tomcat_web;  //是https的
            proxy_redirect                      off;
            proxy_set_header   Host             $host;
            proxy_set_header   X-Real-IP        $remote_addr;
            proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;
            client_max_body_size       100m;
            client_body_buffer_size    256k;
            proxy_connect_timeout      60;
            proxy_send_timeout         30;
            proxy_read_timeout         30;
            proxy_buffer_size          8k;
            proxy_buffers              8 64k;
            proxy_busy_buffers_size    64k;
            proxy_temp_file_write_size 64k;
        }

        error_page 404 /404.html;
        location = /40x.html {
        }

        error_page 500 502 503 504 /50x.html;

        location = /50x.html {
        }

}

2,tomcat的https配置,配置文件server.xml

添加以下内容
 

配置好后重新启动Nginx,tomcat,就可以https访问了,这也是我现在采用的配置方式 。

二,Nginx采用https,tomcat采用http

1,Nginx配置https

upstream https_tomcat_web {
        server 127.0.0.1:8001;
}

server {
        listen       443;
        server_name  www.test.com;
        index index.html;
        root   /var/www/html/test;

        ssl on;
        ssl_certificate /etc/Nginx/go.pem;
        ssl_certificate_key /etc/Nginx/go.key;
        ssl_session_timeout 5m;
        ssl_protocols SSLv2 SSLv3 TLSv1.2;
#        ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
        ssl_prefer_server_ciphers on;

        location ~ ^/admin {
            proxy_pass http://https_tomcat_web;  //是http的
            proxy_redirect                      off;
            proxy_set_header   Host             $host;
            proxy_set_header   X-Real-IP        $remote_addr;
            proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;
            client_max_body_size       100m;
            client_body_buffer_size    256k;
            proxy_connect_timeout      60;
            proxy_send_timeout         30;
            proxy_read_timeout         30;
            proxy_buffer_size          8k;
            proxy_buffers              8 64k;
            proxy_busy_buffers_size    64k;
            proxy_temp_file_write_size 64k;
        }

        error_page 404 /404.html;
        location = /40x.html {
        }

        error_page 500 502 503 504 /50x.html;

        location = /50x.html {
        }

}

2,tomcat的http配置,配置文件server.xml


重启Nginx,tomcat,https就配置好了。

不管是第一种方法,还是第二种方法,如果通过http,直接访问8001端口,浏览器都会提示你不安全的访问,因为本身是http,确被重定向到了https。

猜你在找的Nginx相关文章