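I am trying to hide Apache Tomcat behind Nginx. I want to implement this scheme:
[HTTP client] <-https-> [Nginx] <-http-> [Tomcat]
Tomcat 8.0.53 and Nginx 1.16.1 are installed on a PC with an external IP address and Windows Server. Tomcat on its own works in https mode, accepting connections on port 443. But when Nginx is used, I get ERR_SSL_PROTOCOL_ERROR or ERR_TOO_MANY_REDIRECTS when trying to access the site (depending on how I configure them).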
Tomcat:
<Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1" address="127.0.0.1"
             connectionTimeout="20000"
             Server="Apache"
             SSLEnabled="false" secure="false"
             proxyName="localhost" proxyPort="443"
  />
  <Connector port="8443" protocol="HTTP/1.1"
             maxThreads="200" enableLookups="false" acceptCount="200"
             scheme="https" secure="true"
             SSLEnabled="false" sslProtocol="TLS" proxyPort="443"
             SSLCertificateFile="${catalina.base}/conf/platform.crt"
             SSLCertificateKeyFile="${catalina.base}/conf/platform.key"
             SSLCACertificateFile="${catalina.base}/conf/ca.crt"
             Server="Apache"
  />
  <Engine name="Catalina" defaultHost="localhost">
    <Host name="localhost" appBase="webapps"
          unpackWARs="true" autoDeploy="true">
      <Alias>localhost</Alias>
      <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
             prefix="site_access_log" suffix=".txt"
             pattern="%h %l %u %t &quot;%r&quot; %s %b" />
    </Host>
  </Engine>
</Service>
NGINX
server {
    proxy_cookie_path ~*^/.* /;
    listen 443 ssl http2;
    server_name my.foo.bar;
    listen [::]:443;
    ssl_certificate C:/NewDev/nginx-1.16.1/conf/platform.crt;
    ssl_certificate_key C:/NewDev/nginx-1.16.1/conf/platform.key;
    ssl_protocols TLSv1 TLSv1.2 TLSv1.2;
    ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
    ssl_prefer_server_ciphers on;
    ### default dest for backend at Tomcat
    location / {
        proxy_read_timeout 120;
        proxy_set_header HOST $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_buffering off;
        proxy_pass http://localhost:8080;
    }
}
This error can be found in nginx's error.log:
2019/12/23 17:18:35 [error] 5752#5116: *1 connect() failed (10061: No connection could be made because the target machine actively refused it) while connecting to upstream, client: 109.73.8.14, server: my.foo.bar, request: "GET /main?sysname=logon HTTP/2.0", upstream: "http://[::1]:8080/main?sysname=logon", host: "my.foo.bar"
2019/12/23 17:18:57 [warn] 5752#5116: *1 upstream server temporarily disabled while connecting to upstream, client: 109.73.8.14, server: my.foo.bar, request: "GET /main?sysname=logon HTTP/2.0", upstream: "http://[::1]:8080/main?sysname=logon", host: "my.foo.bar"
I think the problem is in the Tomcat configuration, which I only want to work in http mode. But I cannot find exactly where.
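
An added example, not part of the original post: the error.log above shows nginx dialling `[::1]:8080` while the 8080 connector in server.xml sets `address="127.0.0.1"`, and the Python sketch below cross-checks the two files for that kind of mismatch. The function names are hypothetical and the sample inputs are constructed in the shape of the post's config and log (documentation client IP, plus one extra line for an upstream port with no connector).

```python
import ipaddress
import re
import xml.etree.ElementTree as ET

# Constructed sample inputs modelled on the post (client address is a documentation IP).
SERVER_XML = """<Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1" address="127.0.0.1"/>
  <Connector port="8443" protocol="HTTP/1.1" scheme="https" secure="true"/>
</Service>"""
ERROR_LOG = '''\
2019/12/23 17:18:35 [error] 1#1: *1 connect() failed (10061: No connection could be made because the target machine actively refused it) while connecting to upstream, client: 203.0.113.10, server: my.foo.bar, request: "GET / HTTP/2.0", upstream: "http://[::1]:8080/", host: "my.foo.bar"
2019/12/23 17:18:57 [warn] 1#1: *1 upstream server temporarily disabled while connecting to upstream, client: 203.0.113.10, server: my.foo.bar, request: "GET / HTTP/2.0", upstream: "http://[::1]:8080/", host: "my.foo.bar"
2019/12/23 17:19:02 [error] 1#1: *2 connect() failed (10061: No connection could be made because the target machine actively refused it) while connecting to upstream, client: 203.0.113.10, server: my.foo.bar, request: "GET / HTTP/2.0", upstream: "http://127.0.0.1:9090/", host: "my.foo.bar"
'''

UPSTREAM_RE = re.compile(r'upstream: "https?://(\[[0-9a-fA-F:.]+\]|[0-9.]+):(\d+)')

def connector_binds(server_xml):
    """Map port -> bind address per <Connector>; None means no address attribute
    (Tomcat then listens on all local addresses)."""
    root = ET.fromstring(server_xml)
    return {int(c.get("port")): c.get("address") for c in root.iter("Connector")}

def failed_upstreams(log_text):
    """Yield (ip, port) for every 'connect() failed' line that names an IP upstream."""
    for line in log_text.splitlines():
        m = UPSTREAM_RE.search(line) if "connect() failed" in line else None
        if m:
            try:
                yield ipaddress.ip_address(m.group(1).strip("[]")), int(m.group(2))
            except ValueError:
                continue  # not a literal IP address; out of scope here

def mismatches(server_xml, log_text):
    """Return unique (upstream_ip, port, reason) where nginx dialled an address Tomcat does not bind."""
    binds = connector_binds(server_xml)
    findings = {}  # dict used as an ordered set so repeated log lines collapse
    for ip, port in failed_upstreams(log_text):
        if port not in binds:
            findings[(str(ip), port, "no connector on this port")] = None
        elif binds[port] is not None and ipaddress.ip_address(binds[port]) != ip:
            # Assumes the address attribute holds a literal IP, as in the post.
            findings[(str(ip), port, f"connector bound to {binds[port]} only")] = None
    return list(findings)

if __name__ == "__main__":
    for ip, port, reason in mismatches(SERVER_XML, ERROR_LOG):
        print(f"upstream {ip}:{port} refused: {reason}")
```
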