总体的流程如下:
进入网站(http或https)-> nginx(存储静态信息,页面,图片等)
如果需要走后台(tomact),对后台项目名称进行拦截,比如我们在A静态项目中需要访问B后台项目中的接口,那么我们对B文件利用nginx进行分发。
由于A访问B文件会有跨域问题,我们在nginx解决跨域。
nginx.conf文件
#user nobody;
user root; // 使用root用户,因为我在 html/img下新建文件后访问权限不够无法访问
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
upstream host {
server 127.0.0.1:8080 fail_timeout=0; // tomact路径
ip_hash; // 保持session
}
server { // 80端口为http 做一个跳转到https
listen 80;
server_name ******; // 域名 aaa.com
rewrite ^(.*)$ https://$host$1 permanent;
}
# HTTPS server
#
server {
listen 443 ssl;
server_name ***; //域名 aaa.com
ssl_certificate /usr/local/nginx/cert/*****.crt;
ssl_certificate_key /usr/local/nginx/cert/*****.key;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
location / {
root html;
index index.html index.htm;
}
location /img/ { //图片访问路径
alias /usr/local/nginx/html/img/;
autoindex on;
}
location /B/ { //后面项目名称,前三行是解决跨域问题
add_header Access-Control-Allow-Origin *;
add_header Access-Control-Allow-Methods 'GET, POST, OPTIONS';
add_header Access-Control-Allow-Headers 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization';
if ($request_method = 'OPTIONS') {
return 204;
}
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Proto https;
proxy_redirect off;
proxy_connect_timeout 240;
proxy_send_timeout 240;
proxy_read_timeout 240;
# note, there is not SSL here! plain HTTP is used
proxy_pass http://host; // 跳转到访问tomact
}
}
}
tomact中的server.xml
<Connector port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="443"
proxyPort="443" />
这个地方的name与nginx中server_name填写一致
<Host name="****" appBase="webapps"
unpackWARs="true" autoDeploy="true">
扫一扫
860
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
