tomcat支持 https

最新推荐文章于 2023-07-02 23:54:33 发布

weixin_30371875

最新推荐文章于 2023-07-02 23:54:33 发布

阅读量110

点赞数

CC 4.0 BY-SA版权

文章标签： java 运维 javascript ViewUI

原文链接：http://www.cnblogs.com/vana/p/9687210.html

本文详细介绍了如何使用Nginx作为反向代理，与Tomcat服务器集成，实现HTTP和HTTPS请求的转发。包括Nginx配置文件的设置，如虚拟主机、SSL证书配置，以及Tomcat的RemoteIpValve配置。

摘要生成于 C知道，由 DeepSeek-R1 满血版支持，前往体验 >

首先安装nginx ，在nginx.conf 中引入

include /app/conf/nginx/vhosts/*.conf; 配置

并在conf/vhosts 目录中配置virtual.conf （代理了tomcat8080） ssl.conf(代理tomcat并支持https) 并在conf下加入 proxy.conf

virtual.conf

upstream tomcat {
server 127.0.0.1:8080;
keepalive 1024;
}

server {
listen 80;
server_name t2625430001-gotpc.gtarcade.com 127.0.0.1;
keepalive_timeout 10;
#error_page 500 502 404.html;
#error_page 404 403 500 502 http://36.youzu.com/504.htm;

#limit_conn crawler 20;
location /status {
stub_status on;
access_log on;
}

location ~ ^/(WEB-INF)/ {
deny all;
}

location /{
add_header Cache-Control "no-cache, no-store, max-age=0, must-revalidate";
add_header Pragma no-cache;
proxy_pass http://tomcat;
}

}

ssl.conf 由于本地tomcat配置在8080，这里被代理了。会直接跳转，而且省去了tomcat配置ssl，只需要nginx配置就可以了。

upstream tomcathttps {
server 127.0.0.1:8080;
}

server {
listen 443 backlog=8192;
server_name t2625430001-gotpc.gtarcade.com 127.0.0.1;

ssl on;
ssl_certificate ssl/gtarcade.com.crt;
ssl_certificate_key ssl/gtarcade.com.key;
ssl_session_timeout 5m;
ssl_protocols SSLv2 SSLv3 TLSv1;
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
ssl_prefer_server_ciphers on;
location /status {
stub_status on;
access_log on;
}
location /{
add_header Cache-Control "no-cache, no-store, max-age=0, must-revalidate";
add_header Pragma no-cache;
proxy_pass http://tomcathttps;
include proxy.conf;
}
}

proxy.conf

#!nginx (-)
## proxy.conf
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
client_max_body_size 10m;
client_body_buffer_size 128k;
proxy_connect_timeout 600;
proxy_send_timeout 600;
proxy_read_timeout 600;
proxy_buffers 32 32k;

client_socket.conf

server {
listen 47790;
server_name dev-fcdn-pcgot.uuzuonline.net 10.22.3.29 127.0.0.1;
#add_header Content-Encoding gzip;
root /var/local/gotpc;
autoindex on;
}

client.xml

server {
listen 80;
server_name dev-cdn-pcgot.youzu.com 10.22.3.29 127.0.0.1;
gzip on;
gzip_disable "msie6";
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_buffers 16 8k;
gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript application/vnd.unity;
#add_header Content-Encoding gzip;
root /var/local/gotpc_qa20180820214652/;
autoindex on;
}

然后重启nginx

另外，在tomcat conf/server.xml中加入

tomcat server.xml

另外一个指令

dig fs2625430001-pcgot.gtarcade.com.uuzuonline.net

转载于:https://www.cnblogs.com/vana/p/9687210.html