nginx设置443端口和tomcat通过http访问
直接上配置文件
# Backend pools that the HTTPS server proxies to.
# Both are addressed over plain HTTP on port 8080, so TLS ends at nginx and
# the hop to these hosts is unencrypted. Keep that hop on a network segment
# you control and make sure 8080 is not reachable by clients directly.
upstream serve1 {
    server 10.1.1.1:8080;
}

upstream serve2 {
    server 10.1.1.2:8080;
}
# Plain-HTTP listener: it serves no content and only sends clients to HTTPS.
server {
    listen      80;
    server_name www.xxx.com;

    # Requests for www.xxx.com over HTTP are forcibly redirected to HTTPS.
    # The target host is the configured $server_name, not the Host header
    # sent by the client, so the redirect cannot be steered to another host.
    return 301 https://$server_name$request_uri;
}
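# HTTPS front end: terminates TLS and proxies to the Tomcat upstreams over HTTP.
server {
    # The "ssl" parameter on listen is what enables TLS for this socket. The
    # stand-alone "ssl on;" directive is deprecated in favour of it and has
    # been removed from recent nginx releases, so it is not used here.
    listen 443 ssl;
    server_name www.xxx.com;  # IP address or domain name

    ssl_certificate     /home/cert-out/outserver.crt;
    # With a passphrase-protected key nginx asks for the passphrase on every
    # restart, hence the passphrase-less copy. That file is the server's
    # identity in clear text: keep it readable only by the account that starts
    # nginx, and out of backups and repositories that others can read.
    ssl_certificate_key /home/cert-out/outserver_no_password.key;
    # Consider pinning ssl_protocols to TLSv1.2 and newer; the defaults of
    # older nginx builds still accept TLSv1.0/1.1.

    #location / {
    #proxy_pass http://serve1;
    #proxy_set_header Host $host;
    #proxy_set_header X-Real-IP $remote_addr;
    #proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    #}

    location /serve1 {
        proxy_pass http://serve1;
        proxy_redirect off;

        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # Tell Tomcat the client connection was HTTPS. The RemoteIpValve shown
        # on this page reads it through protocolHeader="x-forwarded-proto".
        proxy_set_header X-Forwarded-Proto $scheme;

        client_max_body_size 50m;
        client_body_buffer_size 256k;

        proxy_connect_timeout 30;
        proxy_send_timeout 30;
        proxy_read_timeout 60;

        proxy_buffer_size 16k;
        proxy_buffers 4 32k;
        proxy_busy_buffers_size 64k;
        proxy_temp_file_write_size 64k;
    }

    location /serve2 {
        proxy_pass http://serve2;
        proxy_redirect off;

        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # Same reason as in /serve1: lets the backend see the original scheme.
        proxy_set_header X-Forwarded-Proto $scheme;

        client_max_body_size 50m;
        client_body_buffer_size 256k;

        proxy_connect_timeout 30;
        proxy_send_timeout 30;
        proxy_read_timeout 60;

        proxy_buffer_size 16k;
        proxy_buffers 4 32k;
        proxy_busy_buffers_size 64k;
        proxy_temp_file_write_size 64k;
    }

    # WebSocket endpoint; the front end has to connect with wss://.
    location /serve1/websocket {
        proxy_pass http://serve1/serve1/websocket;
        proxy_redirect off;

        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # Long read timeout so an idle socket is not cut after the default.
        proxy_read_timeout 3600;

        # The HTTP/1.1 upgrade handshake must be forwarded explicitly;
        # Upgrade and Connection are hop-by-hop headers and are not passed on
        # by default.
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}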
tomcat配置:
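<!-- server.xml -->
<!--
  HTTP connector that nginx proxies to. TLS ends at nginx, so this connector
  speaks plain HTTP on 8080. Limit who can reach 8080 (firewall rules, or the
  connector's address attribute) so that clients cannot bypass nginx and TLS.

  Comments are kept outside the Connector start tag: an XML comment inside a
  tag is not well formed and stops server.xml from parsing.

  redirectPort: the port used when a request has to go to HTTPS. 443 here
  corresponds to the nginx 443 listener. Without nginx, set it to Tomcat's own
  HTTPS port (8443 by default, as far as the author recalls). The two sides
  have to match.

  proxyPort: the author first advised against proxyPort="443", because
  requests to port 80 were sometimes redirected to 443 for no obvious reason.
  Later finding: proxyPort only matters behind a proxy. It changes the value
  of request.getServerPort() and therefore the absolute URL of redirects, so
  with nginx in front Tomcat builds redirects with the proxyPort value. In the
  author's case a 301 was involved, which is why port 80 ended up on 443.
  Keep this in mind wherever 301 or 302 responses are used.

  NOTE(review): minProcessors and maxProcessors (possibly maxSpareThreads too)
  look like attributes from old Tomcat releases; confirm that your version
  still reads them.
-->
<Connector port="8080" protocol="HTTP/1.1"
           maxThreads="1000"
           minProcessors="100"
           maxProcessors="1000"
           minSpareThreads="100"
           maxSpareThreads="1000"
           enableLookups="false"
           URIEncoding="utf-8"
           acceptCount="1000"
           connectionTimeout="20000"
           disableUploadTimeout="true"
           redirectPort="443"
           proxyPort="443" />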
<!-- Add inside the <Host> element. -->
<!--
  Makes Tomcat take the client address from x-forwarded-for and the request
  scheme from x-forwarded-proto, both of which nginx has to send.
  These headers are only as trustworthy as the peer that sent them.
  NOTE(review): the valve has an internalProxies attribute (a regular
  expression of proxy addresses whose headers are accepted); consider setting
  it to the nginx host only, and confirm the default for your Tomcat version.
  NOTE(review): the valve documentation names this attribute proxiesHeader;
  confirm that remoteIpProxiesHeader is honoured by your Tomcat version.
-->
<Valve className="org.apache.catalina.valves.RemoteIpValve"
       protocolHeader="x-forwarded-proto"
       remoteIpHeader="x-forwarded-for"
       remoteIpProxiesHeader="x-forwarded-by" />
如果在tomcat中需要使用302跳转,可以配置:
<!--
  Same RemoteIpValve definition as above, repeated for the 302 case.
  protocolHeader only has an effect when nginx sends X-Forwarded-Proto;
  without it Tomcat sees plain http and builds http:// redirect URLs.
-->
<Valve className="org.apache.catalina.valves.RemoteIpValve"
       protocolHeader="x-forwarded-proto"
       remoteIpHeader="x-forwarded-for"
       remoteIpProxiesHeader="x-forwarded-by" />
springboot也是配置这几项。
然后在nginx中配置
# Request headers nginx hands to Tomcat; they belong in the proxying location.
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
# $proxy_add_x_forwarded_for appends $remote_addr to whatever X-Forwarded-For
# the client sent, so only the last entry is written by nginx; earlier
# entries are client-controlled and must not be used for access decisions.
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# Scheme of the client connection (http or https); this is the header the
# valve reads through protocolHeader="x-forwarded-proto".
proxy_set_header X-Forwarded-Proto $scheme;
即可。当时在访问项目根路径时还是有问题。tomcat不启动https,或者nginx的80端口没有处理时,还是会跳转到http。
ok这样就实现了https nginx+tomcat访问