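I have a public-facing nginx server, an apache server in the middle, and finally a tomcat server. Tomcat is listening on 9001 for HTTP traffic and on 9002 for HTTP(S) traffic.
I want to allow HTTP(S) traffic to reach the tomcat server. My HTTP traffic works fine on the public IP, but I am still stuck on the HTTP(S) part.
Not sure what I am missing here.
Summary:
Public IP HTTP <==> nginx [HTTP] <==> apache [HTTP] <==> tomcat [HTTP] port 9001 = all good
Public IP HTTPS <==> nginx [HTTPS] <==> apache [HTTPS] <==> tomcat [HTTPS] port 9002 = fails
This is my nginx.conf file on the nginx server.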
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
events {
    worker_connections 1024;
}
http {
    ##
    # Basic Settings
    ##
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    types_hash_max_size 2048;
    server_tokens off;
    # server_names_hash_bucket_size 64;
    server_name_in_redirect off;
    include /etc/nginx/mime.types;
    default_type application/octet-stream;
    ##
    # Logging Settings
    ##
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
    access_log /var/log/nginx/access.log main;
    error_log /var/log/nginx/error.log;
    ##
    # Gzip Settings
    ##
    gzip on;
    gzip_disable "MSIE [1-6]\.(?!.*SV1)";
    gzip_vary on;
    gzip_proxied any;
    gzip_comp_level 6;
    gzip_buffers 16 8k;
    gzip_http_version 1.1;
    gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
    ##
    # Virtual Host Configs
    ##
    auth_basic "Restricted. Please refer to your environment's release note.";
    auth_basic_user_file /etc/nginx/htpasswd;
    include /etc/nginx/sites-enabled/demo-env.conf;
}
My /etc/nginx/sites-enabled/demo-env.conf on the nginx box:
server {
    listen 80 default;
    server_name ~^[0-9]*;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    access_log /var/log/nginx/access.log main;
    location / {
        proxy_pass http://10.0.1.215:80/;
        #proxy_redirect default;
    }
}
server {
    listen 443;
    server_name ~^[0-9]*;
    ssl_certificate /etc/nginx/ssl/nginx.crt;
    ssl_certificate_key /etc/nginx/ssl/nginx.key;
    ssl_session_timeout 5m;
    ssl_protocols SSLv3 TLSv1;
    ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+EXP;
    ssl_prefer_server_ciphers on;
    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header Host $host;
        proxy_pass https://10.0.1.215:443;
        # proxy_cache my-cache;
        proxy_cache_valid 200 302 60m;
        proxy_cache_valid 404 1m;
    }
}
This is my apache conf file on the apache server.
The httpd.conf file contains the following entries:
Listen 80
Listen 443
Include conf/sites-available/demo-env.conf
demo-env.conf has the following content:
<VirtualHost *:80>
    ProxyPreserveHost On
    ProxyPass / http://10.0.1.141:9001/ retry=1 acquire=3000 timeout=600 Keepalive=On
    ProxyPassReverse / http://10.0.1.141:9001/
    ServerName localhost
</VirtualHost>
<VirtualHost *:443>
    ServerName localhost
    ProxyRequests Off
    ProxyPreserveHost On
    ProxyPass / http://10.0.1.141:9002/ retry=1 acquire=3000 timeout=600 Keepalive=On
    ProxyPassReverse / http://10.0.1.141:9002/
</VirtualHost>
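
Added example, not part of the original post: a small Python check over the 443 blocks quoted above that flags each hop where the listener and the upstream scheme disagree about TLS, plus the deprecated protocol list. The function names and the abridged config strings are constructed for this illustration.

```python
import re

# Directives copied from the 443 blocks in the post (abridged sample input).
NGINX_443 = """\
server {
    listen 443;
    ssl_protocols SSLv3 TLSv1;
    location / { proxy_pass https://10.0.1.215:443; }
}
"""
APACHE_443 = """\
<VirtualHost *:443>
    ProxyPass / http://10.0.1.141:9002/ retry=1 acquire=3000 timeout=600 Keepalive=On
</VirtualHost>
"""
TOMCAT_TLS_PORTS = {9002}  # the post says Tomcat serves HTTPS on 9002
OLD_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}

def directive(conf, name):
    """Return the argument list of the first `name ...` directive, or None."""
    m = re.search(rf"^\s*{name}\s+([^;\n]+)", conf, re.M | re.I)
    return m.group(1).split() if m else None

def enabled(conf, name):
    return [a.lower() for a in directive(conf, name) or []] == ["on"]

def check_nginx(conf):
    findings = []
    listen = directive(conf, "listen") or []
    if "443" in listen and "ssl" not in listen and not enabled(conf, "ssl"):
        findings.append("listen 443 lacks 'ssl': the listener answers in plain HTTP")
    old = sorted(OLD_PROTOCOLS & set(directive(conf, "ssl_protocols") or []))
    if old:
        findings.append("deprecated ssl_protocols: " + " ".join(old))
    return findings

def check_apache(conf):
    findings = []
    if not enabled(conf, "SSLEngine"):
        findings.append("vhost :443 has no 'SSLEngine on': an https:// proxy_pass to it cannot handshake")
    target = re.search(r"(https?)://[^:/\s]+:(\d+)", " ".join(directive(conf, "ProxyPass") or []))
    if target:
        scheme, port = target.group(1), int(target.group(2))
        if scheme == "http" and port in TOMCAT_TLS_PORTS:
            findings.append(f"ProxyPass sends plain HTTP to TLS port {port}")
        if scheme == "https" and not enabled(conf, "SSLProxyEngine"):
            findings.append("https:// ProxyPass needs 'SSLProxyEngine on'")
    return findings
```

Run against the quoted blocks, `check_nginx(NGINX_443)` and `check_apache(APACHE_443)` each return two findings; a block with `listen 443 ssl`, current TLS versions, `SSLEngine on`, `SSLProxyEngine on` and an `https://` ProxyPass returns none.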