一、緣起
由於一個服務器需要部署多個小程序服務端,而小程序必須要使用https協議,需要使用443端口,所以需要將443端口做反向代理。
二、nginx 配置
注意點:
1.ssl_certificate 和 ssl_certificate_key 都是指 nginx/conf/ 下的相對位置
1.5 證書和祕鑰文件都要放在 nginx/conf/ 下
2.ssl_certificate_key 後面的空格只能有一個,否則找不到文件
3.一個服務 需要3部分 upstream 、server (80)、server (443),需要增加應用,這3個配置複製一份即可
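# Reverse proxy that terminates TLS on port 443 for several mini-program
# backends and forwards each one to its own Tomcat connector over plain HTTP.
worker_processes 1;

events {
    worker_connections 1024;
}

http {
    include mime.types;
    default_type application/octet-stream;
    sendfile on;
    keepalive_timeout 65;

    # Keep the nginx version out of the Server header and error pages.
    server_tokens off;

    # TLS parameters shared by every HTTPS server below, so that a new
    # service only has to supply its own certificate and key.
    # TLS 1.0/1.1 are excluded explicitly instead of relying on the build
    # default of this nginx; mini-program clients require TLS 1.2 or newer.
    # Remove "TLSv1.3" if nginx is older than 1.13.0 or OpenSSL is older
    # than 1.1.1, otherwise the value is rejected at startup.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout 5m;

    # ---- service 1: www.moonknightsoft.com -> Tomcat connector 8080 ----
    upstream community {
        server 127.0.0.1:8080;
    }

    # Port 80 only redirects to HTTPS; $request_uri keeps path and query string.
    server {
        listen 80;
        server_name www.moonknightsoft.com;
        return 301 https://$server_name$request_uri;
    }

    server {
        listen 443 ssl;
        server_name www.moonknightsoft.com;

        # Relative certificate paths resolve against nginx's conf/ directory
        # (next to nginx.conf), so the bundle and the key are placed there.
        # Separate the directive from the path with ordinary ASCII spaces:
        # the "only one space works" problem is most likely a non-ASCII blank
        # (e.g. a full-width space), which nginx does not treat as a delimiter,
        # so it becomes part of the file name and the file is "not found".
        ssl_certificate 1_www.moonknightsoft.com_bundle.crt;
        ssl_certificate_key 2_www.moonknightsoft.com.key;

        location / {
            # Append the real client address; Tomcat's RemoteIpValve reads it
            # back so the application sees the client IP, not 127.0.0.1.
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header Host $http_host;
            # TLS ends here; tell Tomcat the original scheme was https.
            proxy_set_header X-Forwarded-Proto https;
            proxy_redirect off;
            proxy_connect_timeout 240;
            proxy_send_timeout 240;
            proxy_read_timeout 240;
            proxy_pass http://community;
        }
    }

    # ---- service 2: teacher.moonknightsoft.com -> Tomcat connector 8082 ----
    # (for further services, copy this upstream plus the pair of server blocks)
    upstream teacher {
        server 127.0.0.1:8082;
    }

    server {
        listen 80;
        server_name teacher.moonknightsoft.com;
        return 301 https://$server_name$request_uri;
    }

    server {
        listen 443 ssl;
        server_name teacher.moonknightsoft.com;

        # Same rules as above: paths relative to conf/, ASCII whitespace only.
        ssl_certificate 1_teacher.moonknightsoft.com_bundle.crt;
        ssl_certificate_key 2_teacher.moonknightsoft.com.key;

        location / {
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header Host $http_host;
            proxy_set_header X-Forwarded-Proto https;
            proxy_redirect off;
            proxy_connect_timeout 240;
            proxy_send_timeout 240;
            proxy_read_timeout 240;
            proxy_pass http://teacher;
        }
    }
}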
三、tomcat 配置
nginx配置了 ssl 證書了,tomcat 就無需配置ssl證書了。tomcat只要做好應用的配置即可。
注意點:
1.proxyPort="443" 必須要
2.Valve RemoteIpValve 必須要
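<?xml version="1.0" encoding="UTF-8"?>
<!--
  Tomcat server.xml for the two backends behind the nginx TLS proxy.
  nginx terminates TLS, so the connectors speak plain HTTP on loopback;
  proxyPort/redirectPort and RemoteIpValve let the applications see the
  original https scheme, the public port 443 and the real client IP.
-->
<Server port="8005" shutdown="SHUTDOWN">
  <!-- Port 8005 accepts the shutdown command; it listens on localhost
       unless an address attribute is set. -->
  <Listener className="org.apache.catalina.startup.VersionLoggerListener" />
  <!-- SSLEngine="on" only affects APR/OpenSSL connectors; harmless here
       because no connector below uses TLS. -->
  <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
  <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
  <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
  <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />

  <GlobalNamingResources>
    <Resource name="UserDatabase" auth="Container"
              type="org.apache.catalina.UserDatabase"
              description="User database that can be updated and saved"
              factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
              pathname="conf/tomcat-users.xml" />
  </GlobalNamingResources>

  <!-- Service 1: reached through the nginx upstream "community" on 8080. -->
  <Service name="community">
    <!-- Plain HTTP from nginx only. proxyPort="443" makes
         request.getServerPort() and generated redirects use the public
         HTTPS port instead of 8080. -->
    <Connector port="8080" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="443"
               proxyPort="443"/>
    <!-- Each Engine in a multi-Service Server needs a unique name (it keys
         the work directory and the JMX domain); the original used
         "Catalina" for both Services. -->
    <Engine name="community" defaultHost="localhost">
      <Realm className="org.apache.catalina.realm.LockOutRealm">
        <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
               resourceName="UserDatabase"/>
      </Realm>
      <!-- NOTE(review): both Services point at the same appBase, so every
           webapp is deployed by both connectors; give each Service its own
           appBase directory if the two backends are distinct applications. -->
      <Host name="localhost" appBase="/usr/local/tomcat/webapps"
            unpackWARs="true" autoDeploy="true">
        <!-- %r is wrapped in &quot; inside the attribute; a literal quote
             makes the file ill-formed and Tomcat fails to parse it. -->
        <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs/communityAccess/"
               prefix="community_access_log" suffix=".txt"
               pattern="%h %l %u %t &quot;%r&quot; %s %b" />
        <!-- Restores client IP and scheme from the headers nginx sets.
             The headers are honoured only when the immediate peer is in
             internalProxies/trustedProxies; the default internalProxies
             covers 127.0.0.1, where nginx runs in this setup. -->
        <Valve className="org.apache.catalina.valves.RemoteIpValve"
               remoteIpHeader="x-forwarded-for"
               remoteIpProxiesHeader="x-forwarded-by"
               protocolHeader="x-forwarded-proto"/>
      </Host>
    </Engine>
  </Service>

  <!-- Service 2: reached through the nginx upstream "teacher" on 8082. -->
  <Service name="teacher">
    <Connector port="8082" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="443"
               proxyPort="443"/>
    <!-- Unique Engine name, see the note on the first Service. -->
    <Engine name="teacher" defaultHost="localhost">
      <Realm className="org.apache.catalina.realm.LockOutRealm">
        <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
               resourceName="UserDatabase"/>
      </Realm>
      <!-- NOTE(review): shares the appBase with Service 1; see the note there. -->
      <Host name="localhost" appBase="/usr/local/tomcat/webapps"
            unpackWARs="true" autoDeploy="true">
        <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs/teacherAccess/"
               prefix="teacher_access_log" suffix=".txt"
               pattern="%h %l %u %t &quot;%r&quot; %s %b" />
        <Valve className="org.apache.catalina.valves.RemoteIpValve"
               remoteIpHeader="x-forwarded-for"
               remoteIpProxiesHeader="x-forwarded-by"
               protocolHeader="x-forwarded-proto"/>
      </Host>
    </Engine>
  </Service>
</Server>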