1:nginx和tomcat的安装就不说了,nginx的IP为:192.168.145.129 启动端口为80和443(ssl),tomcat的IP为192.168.145.128,启动端口为8080.
2:nginx部署ssl时,需要在编译(configure)时加上参数--with-http_ssl_module
3:配置参数
# Backend pool for the reverse proxy: the single Tomcat instance.
# Traffic on this hop is plain HTTP, so port 8080 on the Tomcat host should be
# reachable only from the nginx machine (192.168.145.129). Otherwise clients
# can bypass nginx and present their own X-Forwarded-* headers to Tomcat.
upstream tomcat_test
{
    server 192.168.145.128:8080;
}
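# Virtual host for www.123.com: terminates TLS, serves static files locally
# and proxies everything else to the Tomcat upstream "tomcat_test".
server
{
    listen 80;
    server_name www.123.com;

    ####### TLS on nginx #######
    # TLS is switched on per socket by the "ssl" parameter of listen.
    # The former "ssl on;" directive is dropped: together with "listen 80;" in
    # the same server block it makes nginx expect TLS on port 80 as well, and
    # the directive is deprecated in newer nginx releases.
    listen 443 ssl;
    ssl_certificate aminglinux.crt;
    # Private key: keep the file readable by the nginx master process only.
    ssl_certificate_key aminglinux.key;
    # TLSv1 and TLSv1.1 are deprecated (RFC 8996) and no longer offered.
    # Append TLSv1.3 once the installed nginx/OpenSSL build supports it.
    ssl_protocols TLSv1.2;
    # The previous list started from ALL, which still admits anonymous (aNULL),
    # LOW and 3DES suites. Start from HIGH and exclude the weak families;
    # !DH is kept from the original because no ssl_dhparam is configured.
    ssl_ciphers HIGH:!aNULL:!MD5:!3DES:!DH;
    ssl_prefer_server_ciphers on;

    ####### Static content, served by nginx itself #######
    # Files with these extensions are answered from the local directory and
    # never reach Tomcat, so they bypass any access control in the application.
    # Copy only public assets there (the list includes rar/zip/doc/pdf/xls/txt).
    # NOTE(review): "ioc" looks like a typo for "ico"; confirm before changing.
    location ~ .*\.(htm|html|gif|jpg|jpeg|png|bmp|swf|ioc|rar|zip|txt|flv|mid|doc|ppt|pdf|xls|mp3|wma)$
    {
        root /data/wwwroot/zrlog;   # static files must be copied into this directory
        access_log off;             # requests for these files are not logged
        expires 7d;
    }

    ####### Dynamic content, proxied to the Tomcat backend #######
    location /
    {
        proxy_pass http://tomcat_test;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        # $proxy_add_x_forwarded_for appends $remote_addr to whatever
        # X-Forwarded-For the client sent. Only the right-most entry is
        # asserted by nginx; the backend must not trust the rest.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # nginx terminates TLS, so the original scheme is passed to Tomcat,
        # which also needs matching configuration (RemoteIpValve).
        proxy_set_header X-Forwarded-Proto $scheme;
        # Rewrite http:// redirects from the backend to the client's scheme.
        proxy_redirect http:// $scheme://;
    }

    ####### Intercept backend 404 responses, serve a custom page #######
    proxy_intercept_errors on;
    error_page 404 /404.html;
    location = /404.html
    {
        root html;   # resolves to /usr/local/nginx/html
    }

    ####### Custom 50x error page #######
    error_page 500 502 503 504 /50x.html;
    location = /50x.html
    {
        root html;
    }
}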
4:配合nginx的ssl,tomcat上需要做的配置:vim /usr/local/tomcat/conf/server.xml
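<!-- The Engine element is abbreviated here; add the Valve inside the existing
     Engine element of server.xml and keep its attributes and children. -->
<Engine>
  <!-- RemoteIpValve replaces the request's remote address and scheme with the
       values from X-Forwarded-For and X-Forwarded-Proto. These headers are
       client-controllable unless they come from a trusted proxy, so
       internalProxies is narrowed to the nginx host. The default pattern
       trusts every private-range address. -->
  <Valve className="org.apache.catalina.valves.RemoteIpValve"
         remoteIpHeader="X-Forwarded-For"
         protocolHeader="X-Forwarded-Proto"
         protocolHeaderHttpsValue="https"
         internalProxies="192\.168\.145\.129"/>
</Engine>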