nginx设置443端口和tomcat经过http访问nginx
直接上配置文件web
upstream serve1{ server 10.1.1.1:8080; } upstream serve2{ server 10.1.1.2:8080; } server { listen 80; server_name www.xxx.com; return 301 https://$server_name$request_uri; }#访问www.xxx.com时会强制跳转到https进行访问 server { listen 443 ssl; server_name www.xxx.com; #ip或者域名 ssl on; ssl_certificate /home/cert-out/outserver.crt; ssl_certificate_key /home/cert-out/outserver_no_password.key;#有密码时重启nginx会要求输入密码 #location / { #proxy_pass http://serve1; #proxy_set_header Host $host; #proxy_set_header X-Real-IP $remote_addr; #proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; #} location /serve1 { proxy_pass http://serve1; proxy_redirect off; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; client_max_body_size 50m; client_body_buffer_size 256k; proxy_connect_timeout 30; proxy_send_timeout 30; proxy_read_timeout 60; proxy_buffer_size 16k; proxy_buffers 4 32k; proxy_busy_buffers_size 64k; proxy_temp_file_write_size 64k; } location /serve2 { proxy_pass http://serve2; proxy_redirect off; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; client_max_body_size 50m; client_body_buffer_size 256k; proxy_connect_timeout 30; proxy_send_timeout 30; proxy_read_timeout 60; proxy_buffer_size 16k; proxy_buffers 4 32k; proxy_busy_buffers_size 64k; proxy_temp_file_write_size 64k; } location /serve1/websocket {#websocket配置 前台须要用wss访问 proxy_pass http://serve1/serve1/websocket; proxy_redirect off; proxy_set_header X-Real-IP $remote_addr; proxy_set_header Host $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_read_timeout 3600; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; } }
tomcat配置:spring
<!--server.xml--> <Connector port="8080" protocol="HTTP/1.1" maxThreads="1000" minProcessors="100" maxProcessors="1000" minSpareThreads="100" maxSpareThreads="1000" enableLookups="false" URIEncoding="utf-8" acceptCount="1000" connectionTimeout="20000" disableUploadTimeout="ture" redirectPort="443" <!--这里的443也是同样的指定要访问https时 443对应nginx的443,若是没有nginx 则配置tomcat本身的https端口 默认是8443吧 记得2边得对应上--> proxyPort="443" /><!--不要加proxyPort="443" 有时访问80端口时会强制跳转到443端口 不知道为何 更新 查了proxyPort的做用 只会在有代理的状况下产生做用,通俗的讲就是proxyPort影响request.getServerPort()的值 也就是会影响重定向的绝对URL 也就是说配置了nginx tomcat重定向的端口会使用proxyPort设置的端口,我以前的状况是有301 因此访问80时重定向到了443端口。 注意有301和302的状况就行 --> <!--Host标签里加--> <Valve className="org.apache.catalina.valves.RemoteIpValve" remoteIpHeader="x-forwarded-for" remoteIpProxiesHeader="x-forwarded-by" protocolHeader="x-forwarded-proto"/>
若是在tomcat中须要使用302跳转 可在配置apache
<Valve className="org.apache.catalina.valves.RemoteIpValve"
remoteIpHeader="x-forwarded-for"
remoteIpProxiesHeader="x-forwarded-by"
protocolHeader="x-forwarded-proto"/>tomcat
springboot也是配置这几项。springboot
而后再nginx中配置websocket
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;socket
便可。当时在访问项目根路径时仍是有问题。tomcat不启动https 或者nginx 80端口没处理仍是会跳转http代理
ok这样就实现了https nginx+tomcat访问code