
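Nginx Forwarding to Tomcat

Nginx can be configured to terminate HTTPS and forward requests to Tomcat.

The detailed configuration follows (Nginx listens on ports 80/443, Tomcat on port 8080).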

  • Redirect HTTP to HTTPS:
server {
    listen       80;
    server_name  localhost;
    # Permanent (301) redirect of every request to the same host and path over HTTPS
    rewrite ^(.*)$ https://$host$1 permanent;
}
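  • Configure the SSL certificate and HTTPS forwarding:
server {
    # "listen 443 ssl" replaces the separate "ssl on;" directive, which is deprecated since nginx 1.15.0
    listen       443 ssl;
    server_name  localhost;
    ssl_certificate      server.pem;
    ssl_certificate_key  server.key;
    ssl_session_timeout  5m;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    # Enabling TLS 1.1 and TLS 1.2 requires OpenSSL 1.0.1 or later; if your OpenSSL version is older, use ssl_protocols TLSv1;
    # TLSv1 and TLSv1.1 are deprecated (RFC 8996); drop them where every client supports TLSv1.2 or later
    ssl_ciphers  HIGH:!RC4:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!EXP:+MEDIUM;
    ssl_prefer_server_ciphers  on;
    location / {
        root   html;
        index  index.html index.htm;
        # Pass the original host, client address and scheme on to Tomcat
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-Proto  $scheme;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://localhost:8080;
    }
}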

The most important parts are ssl_certificate, ssl_certificate_key, and the proxy forwarding settings.

On the Tomcat side, edit server.xml to add support for HTTPS:

<Valve className="org.apache.catalina.valves.RemoteIpValve" remoteIpHeader="X-Forwarded-For" protocolHeader="X-Forwarded-Proto" protocolHeaderHttpsValue="https" httpsServerPort="443"/>
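The following is an added example, not part of the original post and not Tomcat's own code: a simplified Python model of how a valve configured like the one above decides whether to believe X-Forwarded-For and X-Forwarded-Proto, which shows why the 8080 connector should accept connections only from Nginx. It assumes the valve's default internal-proxy ranges (approximated here with CIDR networks), a plain-HTTP connector, and constructed documentation addresses; resolve_client and is_internal are hypothetical names.

```python
import ipaddress

# Assumption: approximates the default internalProxies ranges of RemoteIpValve.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "127.0.0.0/8", "::1/128")]


def is_internal(addr):
    """True if addr parses as an IP inside one of the internal ranges."""
    try:
        ip = ipaddress.ip_address(addr.strip())
    except ValueError:
        return False  # unparsable header content is never treated as a proxy
    return any(ip in net for net in INTERNAL_NETS)


def resolve_client(peer_addr, xff=None, xfp=None):
    """Return (client_ip, scheme) as the web application would see them."""
    # The forwarded headers are honoured only when the TCP peer is a proxy.
    if not is_internal(peer_addr):
        return peer_addr, "http"
    client = peer_addr
    hops = [h.strip() for h in (xff or "").split(",") if h.strip()]
    # Walk right to left: the rightmost entry was appended by the nearest
    # proxy. Stop at the first address that is not itself an internal proxy.
    for hop in reversed(hops):
        client = hop
        if not is_internal(hop):
            break
    scheme = "https" if (xfp or "").strip().lower() == "https" else "http"
    return client, scheme


if __name__ == "__main__":
    # Constructed cases: (TCP peer, X-Forwarded-For, X-Forwarded-Proto)
    cases = [
        # Via Nginx: $proxy_add_x_forwarded_for appended the real client
        # address after a value the client supplied itself.
        ("127.0.0.1", "198.51.100.1, 203.0.113.7", "https"),
        # Direct to 8080 from an outside address: headers are ignored.
        ("203.0.113.7", "198.51.100.1", "https"),
        # Direct to 8080 from an internal address: headers are believed.
        ("10.0.0.9", "198.51.100.1", "https"),
    ]
    for case in cases:
        print(case, "->", resolve_client(*case))
```

The third case is the one to close off: any host in an internal range that can reach port 8080 directly is treated as a proxy, so restrict that connector to the Nginx host (for example by binding it to the loopback address).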
