nginx https 反向代理 tomcat的二种方法

Nginx做前端代理分发，tomcat处理请求。Nginx反代tomcat实现https有二个方法。

一，Nginx配置https，tomcat也配置https

1，Nginx配置https

upstream https_tomcat_web {
        server 127.0.0.1:8443;
}

server {
        listen       443;
        server_name  www.test.com;
        index index.html;
        root   /var/www/html/test;

        ssl on;
        ssl_certificate /etc/Nginx/go.pem;
        ssl_certificate_key /etc/Nginx/go.key;
        ssl_session_timeout 5m;
        ssl_protocols SSLv2 SSLv3 TLSv1.2;
#        ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
        ssl_prefer_server_ciphers on;

        location ~ ^/admin {
            proxy_pass https://https_tomcat_web;  //是https的
            proxy_redirect                      off;
            proxy_set_header   Host             $host;
            proxy_set_header   X-Real-IP        $remote_addr;
            proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;
            client_max_body_size       100m;
            client_body_buffer_size    256k;
            proxy_connect_timeout      60;
            proxy_send_timeout         30;
            proxy_read_timeout         30;
            proxy_buffer_size          8k;
            proxy_buffers              8 64k;
            proxy_busy_buffers_size    64k;
            proxy_temp_file_write_size 64k;
        }

        error_page 404 /404.html;
        location = /40x.html {
        }

        error_page 500 502 503 504 /50x.html;

        location = /50x.html {
        }

}

2，tomcat的https配置,配置文件server.xml

添加以下内容
 
配置好后重新启动Nginx，tomcat，就可以https访问了，这也是我现在采用的配置方式 。
二，Nginx采用https，tomcat采用http
1，Nginx配置https
upstream https_tomcat_web {
        server 127.0.0.1:8001;
}

server {
        listen       443;
        server_name  www.test.com;
        index index.html;
        root   /var/www/html/test;

        ssl on;
        ssl_certificate /etc/Nginx/go.pem;
        ssl_certificate_key /etc/Nginx/go.key;
        ssl_session_timeout 5m;
        ssl_protocols SSLv2 SSLv3 TLSv1.2;
#        ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
        ssl_prefer_server_ciphers on;

        location ~ ^/admin {
            proxy_pass http://https_tomcat_web;  //是http的
            proxy_redirect                      off;
            proxy_set_header   Host             $host;
            proxy_set_header   X-Real-IP        $remote_addr;
            proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;
            client_max_body_size       100m;
            client_body_buffer_size    256k;
            proxy_connect_timeout      60;
            proxy_send_timeout         30;
            proxy_read_timeout         30;
            proxy_buffer_size          8k;
            proxy_buffers              8 64k;
            proxy_busy_buffers_size    64k;
            proxy_temp_file_write_size 64k;
        }

        error_page 404 /404.html;
        location = /40x.html {
        }

        error_page 500 502 503 504 /50x.html;

        location = /50x.html {
        }

}

2，tomcat的http配置,配置文件server.xml

重启Nginx，tomcat，https就配置好了。
不管是第一种方法，还是第二种方法，如果通过http，直接访问8001端口，浏览器都会提示你不安全的访问，因为本身是http，确被重定向到了https。
 原文链接：https://www.f2er.com/nginx/447340.html

nginx https 反向代理 tomcat的二种方法

猜你在找的Nginx相关文章