1.配置nginx反向代理到tomcat上,最好是在tomcat的server.xml上的 加入address="127.0.0.1"来限制其他IP访问
然后在 ngix上配置反向代理
配置如下,
upstream xxx_server {
server 127.0.0.1:8888 weight=1 max_fails=2;
keepalive 100;
}
server {
listen 80;
server_name x.x.x.x 127.0.0.1;
client_max_body_size 256M;
location /{
proxy_pass http://xxx_server;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header REMOTE-HOST $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_connect_timeout 60;
proxy_send_timeout 60;
proxy_read_timeout 60;
client_max_body_size 30m;
client_body_buffer_size 512k;
}
}
2.websocket ws://........
原来AB两个项目通过websocket进行数据推送。
对A项目进行 nginx https配置后,发现WS不通。确认需要将B项目也加上https配置。并将ws://修改成wss://
参考配置如下:
server {
listen 80;
server_name ws.example.com;
ssl on; ssl_certificate ws.example.com.bundle.crt; ssl_certificate_key ws.example.com.key; ssl_session_timeout 5m; ssl_protocols SSLv2 SSLv3 TLSv1; ssl_ciphers HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on;
location / {
access_log off;
proxy_pass http://ws.example.com:10080;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# WebSocket support (nginx 1.4)
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}}# Path rewriting rewrite /(.*) /$1 break; proxy_redirect off;