tomcat的server.xml<?xml vesion='1.0' encoding='utf-8'?>
<Server port="8005" shutdown="SHUTDOWN">
<Listener className="org.apache.catalina.startup.VersionLoggerListener" />
<!-- Security listener. Documentation at /docs/config/listeners.html
<Listener className="org.apache.catalina.security.SecurityListener" />
-->
<!--APR library loader. Documentation at /docs/apr.html -->
<Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
<!-- Prevent memory leaks due to use of particular java/javax APIs-->
<Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
<Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
<Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />
<GlobalNamingResources>
<Resource name="UserDatabase" auth="Container"
type="org.apache.catalina.UserDatabase"
description="User database that can be updated and saved"
factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
pathname="conf/tomcat-users.xml" />
</GlobalNamingResources>
<Service name="Catalina">
<Connector port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="443"
proxyPort="443"/>
<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
<Engine name="Catalina" defaultHost="localhost">
<Realm className="org.apache.catalina.realm.LockOutRealm">
<Realm className="org.apache.catalina.realm.UserDatabaseRealm"
resourceName="UserDatabase"/>
</Realm>
<Host name="localhost" appBase="webapps"
unpackWARs="true" autoDeploy="true">
<Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
prefix="localhost_access_log" suffix=".txt"
pattern="%h %l %u %t "%r" %s %b" />
<!-- 這裏非常重要 -->
<Valve className="org.apache.catalina.valves.RemoteIpValve"
remoteIpHeader="x-forwarded-for"
remoteIpProxiesHeader="x-forwarded-by"
protocolHeader="x-forwarded-proto"/>
</Host>
</Engine>
</Service>
</Server>
下面是nginx下conf.d文件裏面的*.conf文件server {
# listen 80;
ssl on;
listen 443 ssl;
server_name localhost;
ssl_certificate /etc/nginx/conf.d/idealn_ca/fullchain.pem;
ssl_certificate_key /etc/nginx/conf.d/idealn_ca/privkey.pem;
ssl_trusted_certificate /etc/nginx/conf.d/idealn_ca/chain.pem;
#charset koi8-r;
#access_log /var/log/nginx/log/host.access.log main;
error_page 404 /404.html;
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
location ~* \.(jpg|jpeg|png|gif|ico|obj|mtl|mp4|txt|doc|excel|pdf|bmp|rar|zip|gz|tar|tgz|svg)$ {
access_log off;
add_header Cache-Control "public";
proxy_cache cache_one;
proxy_cache_valid 200 304 302 5d;
proxy_cache_valid any 5d;
proxy_cache_key '$host:$server_port$request_uri';
add_header X-Cache '$upstream_cache_status from $host';
root /opt/tomcat/webapps/ROOT;
expires 15d;
}
location ~* \.(html|js|css)$ {
proxy_cache cache_one;
proxy_cache_valid 200 304 302 5d;
proxy_cache_valid any 5d;
proxy_cache_key '$host:$server_port$request_uri';
add_header X-Cache '$upstream_cache_status from $host';
root /opt/tomcat/webapps/ROOT;
expires 5d;
}
location ~ .*$ {
proxy_pass http://127.0.0.1:8080;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Scheme $scheme;
proxy_set_header X-SSL-Protocol $ssl_protocol;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-HTTPS-Protocol $ssl_protocol;
#對應tomcat的server.xml的設置
proxy_set_header X-FORWARDED-PROTO $scheme;
expires -1;
}
}