温馨提示:这篇文章已超过952天没有更新,请注意相关的内容是否还可用!
这篇文章主要给大家介绍了关于nginx https反向代理tomcat的2种实现方法,第一种方法是nginx配置https,tomcat也配置https,第二种方法是nginx采用https,tomcat采用http,文中通过示例代码介绍的非常详细,需要的朋友可以参考下。
反向代理

在计算机世界里,由于单个服务器的处理客户端(用户)请求能力有一个极限,当用户的接入请求蜂拥而入时,会造成服务器忙不过来的局面,可以使用多个服务器来共同分担成千上万的用户请求,这些服务器提供相同的服务,对于用户来说,根本感觉不到任何差别。
nginx做前端代理分发,tomcat处理请求。nginx反代tomcat实现https有二个方法。
一、nginx配置https,tomcat也配置https
1、nginx配置https
123456789101112131415161718192021222324252627282930313233343536373839 upstream https_tomcat_web {
server 127.0.0.1:8443;
}
server {
listen 443;
server_name www.test.com;
index index.html;
root /var/www/html/test;
ssl on;
ssl_certificate /etc/nginx/go.pem;
ssl_certificate_key /etc/nginx/go.key;
ssl_session_timeout 5m;
ssl_protocols SSLv2 SSLv3 TLSv1.2;
# ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_prefer_server_ciphers on;
location ~ ^/admin {
proxy_pass https://https_tomcat_web; //是https的
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
client_max_body_size 100m;
client_body_buffer_size 256k;
proxy_connect_timeout 60;
proxy_send_timeout 30;
proxy_read_timeout 30;
proxy_buffer_size 8k;
proxy_buffers 8 64k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;
}
error_page 404 /404.html;
location = /40x.html {
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
}
}
2、tomcat的https配置,配置文件server.xml
123456789101112131415161718192021 <
Service
name
=
"Catalina"
>
<
Connector
port
=
"8001"
protocol
=
"HTTP/1.1"
connectionTimeout
=
"20000"
redirectPort
=
"8443"
/>
<
Connector
port
=
"8091"
protocol
=
"AJP/1.3"
redirectPort
=
"8443"
/>
//添加以下内容
<
Connector
port
=
"8443"
protocol
=
"HTTP/1.1"
SSLEnabled
=
"true"
scheme
=
"https"
secure
=
"false"
keystoreFile
=
"cert/gotom.pfx"
keystoreType
=
"PKCS12"
keystorePass
=
"214261272770418"
clientAuth
=
"false"
SSLProtocol
=
"TLSv1+TLSv1.1+TLSv1.2"
ciphers
=
"TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA256"
/>
..................省略....................
</
Service
>
配置好后重新启动nginx,tomcat,就可以https访问了,这也是我现在采用的配置方式 。
二、nginx采用https,tomcat采用http
1、nginx配置https
123456789101112131415161718192021222324252627282930313233343536373839 upstream https_tomcat_web {
server 127.0.0.1:8001;
}
server {
listen 443;
server_name www.test.com;
index index.html;
root /var/www/html/test;
ssl on;
ssl_certificate /etc/nginx/go.pem;
ssl_certificate_key /etc/nginx/go.key;
ssl_session_timeout 5m;
ssl_protocols SSLv2 SSLv3 TLSv1.2;
# ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_prefer_server_ciphers on;
location ~ ^/admin {
proxy_pass http://https_tomcat_web; //是http的
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
client_max_body_size 100m;
client_body_buffer_size 256k;
proxy_connect_timeout 60;
proxy_send_timeout 30;
proxy_read_timeout 30;
proxy_buffer_size 8k;
proxy_buffers 8 64k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;
}
error_page 404 /404.html;
location = /40x.html {
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
}
}
2、tomcat的http配置,配置文件server.xml
1234567891011 <
Service
name
=
"Catalina"
>
<
Connector
port
=
"8001"
protocol
=
"HTTP/1.1"
connectionTimeout
=
"20000"
redirectPort
=
"443"
/> //在这里重新定向到了443端口
<
Connector
port
=
"8091"
protocol
=
"AJP/1.3"
redirectPort
=
"443"
/>
..................省略....................
</
Service
>
重启nginx,tomcat,https就配置好了。
不管是第一种方法,还是第二种方法,如果通过http,直接访问8001端口,浏览器都会提示你不安全的访问,因为本身是http,确被重定向到了https。
总结
以上就是这篇文章的全部内容了,希望本文的内容对大家的学习或者工作具有一定的参考学习价值,如果有疑问大家可以留言交流,谢谢大家对脚本之家的支持。
这篇文章主要给大家介绍了关于nginx https反向代理tomcat的2种实现方法,第一种方法是nginx配置https,tomcat也配置https,第二种方法是nginx采用https,tomcat采用http,文中通过示例代码介绍的非常详细,需要的朋友可以参考下。
反向代理
在计算机世界里,由于单个服务器的处理客户端(用户)请求能力有一个极限,当用户的接入请求蜂拥而入时,会造成服务器忙不过来的局面,可以使用多个服务器来共同分担成千上万的用户请求,这些服务器提供相同的服务,对于用户来说,根本感觉不到任何差别。
nginx做前端代理分发,tomcat处理请求。nginx反代tomcat实现https有二个方法。
一、nginx配置https,tomcat也配置https
1、nginx配置https
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 | upstream https_tomcat_web { server 127.0.0.1:8443; } server { listen 443; server_name www.test.com; index index.html; root /var/www/html/test; ssl on; ssl_certificate /etc/nginx/go.pem; ssl_certificate_key /etc/nginx/go.key; ssl_session_timeout 5m; ssl_protocols SSLv2 SSLv3 TLSv1.2; # ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP; ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; ssl_prefer_server_ciphers on; location ~ ^/admin { proxy_pass https://https_tomcat_web; //是https的 proxy_redirect off; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; client_max_body_size 100m; client_body_buffer_size 256k; proxy_connect_timeout 60; proxy_send_timeout 30; proxy_read_timeout 30; proxy_buffer_size 8k; proxy_buffers 8 64k; proxy_busy_buffers_size 64k; proxy_temp_file_write_size 64k; } error_page 404 /404.html; location = /40x.html { } error_page 500 502 503 504 /50x.html; location = /50x.html { } } |
2、tomcat的https配置,配置文件server.xml
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 | < Service name = "Catalina" > < Connector port = "8001" protocol = "HTTP/1.1" connectionTimeout = "20000" redirectPort = "8443" /> < Connector port = "8091" protocol = "AJP/1.3" redirectPort = "8443" /> //添加以下内容 < Connector port = "8443" protocol = "HTTP/1.1" SSLEnabled = "true" scheme = "https" secure = "false" keystoreFile = "cert/gotom.pfx" keystoreType = "PKCS12" keystorePass = "214261272770418" clientAuth = "false" SSLProtocol = "TLSv1+TLSv1.1+TLSv1.2" ciphers = "TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA256" /> ..................省略.................... </ Service > |
配置好后重新启动nginx,tomcat,就可以https访问了,这也是我现在采用的配置方式 。
二、nginx采用https,tomcat采用http
1、nginx配置https
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 | upstream https_tomcat_web { server 127.0.0.1:8001; } server { listen 443; server_name www.test.com; index index.html; root /var/www/html/test; ssl on; ssl_certificate /etc/nginx/go.pem; ssl_certificate_key /etc/nginx/go.key; ssl_session_timeout 5m; ssl_protocols SSLv2 SSLv3 TLSv1.2; # ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP; ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; ssl_prefer_server_ciphers on; location ~ ^/admin { proxy_pass http://https_tomcat_web; //是http的 proxy_redirect off; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; client_max_body_size 100m; client_body_buffer_size 256k; proxy_connect_timeout 60; proxy_send_timeout 30; proxy_read_timeout 30; proxy_buffer_size 8k; proxy_buffers 8 64k; proxy_busy_buffers_size 64k; proxy_temp_file_write_size 64k; } error_page 404 /404.html; location = /40x.html { } error_page 500 502 503 504 /50x.html; location = /50x.html { } } |
2、tomcat的http配置,配置文件server.xml
1 2 3 4 5 6 7 8 9 10 11 | < Service name = "Catalina" > < Connector port = "8001" protocol = "HTTP/1.1" connectionTimeout = "20000" redirectPort = "443" /> //在这里重新定向到了443端口 < Connector port = "8091" protocol = "AJP/1.3" redirectPort = "443" /> ..................省略.................... </ Service > |
重启nginx,tomcat,https就配置好了。
不管是第一种方法,还是第二种方法,如果通过http,直接访问8001端口,浏览器都会提示你不安全的访问,因为本身是http,确被重定向到了https。
总结
以上就是这篇文章的全部内容了,希望本文的内容对大家的学习或者工作具有一定的参考学习价值,如果有疑问大家可以留言交流,谢谢大家对脚本之家的支持。
赞0
☆收藏0
免责声明:本文来自海底苍鹰 ,不代表VPS857的观点和立场,如有侵权请联系本平台处理。
还没有评论,来说两句吧...