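Problem with nginx proxying Tomcat
Description:
         https            http
browser---------nginx---------tomcat
- All the sites are hosted on Tomcat; nginx only acts as a proxy. For now they are on the same machine.
- The browser talks to nginx over https.
- nginx talks to Tomcat over http.
- From the browser's point of view, the whole website uses the https protocol.
- There are 3 virtual directories on Tomcat, that is, 3 web sites. At present they are site1, site2 and manage.
- Right now, when the browser accesses Tomcat directly, all three sites work. The URLs entered are:
  http://www.test.com:8081/site1 ==== this accesses site1
  http://www.test.com:8081/site2 ==== this accesses site2
  http://www.test.com:8081/manage ==== this accesses manage
- The URLs for accessing these three sites through nginx are:
  https://www.test.com/ ==== this accesses site1
  https://www.test.com/site2 ==== this accesses site2
  https://www.test.com/manage ==== this accesses manage
The problem: through nginx, the home page of each of these sites opens, but as soon as I go into a subdirectory I get an error.
For example, a page in site1's subdirectory mem will not open and returns a 404 error.
At the same time, the page address unexpectedly contains site1, e.g. https://www.test.com/site1/mem/mytest.jsp
In theory site1 has been designated as the root directory, i.e. it is hidden, so site1 should not appear in the address.
Attached:
Tomcat's server.xml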
<Service name="Catalina">
  <Connector port="8081" redirectPort="8443" protocol="HTTP/1.1"
             maxHttpHeaderSize="8192" useBodyEncodingForURI="true"
             minProcessors="100" maxProcessors="5000"
             maxThreads="5000" minSpareThreads="1000" maxSpareThreads="4000"
             enableLookups="false" acceptCount="3500"
             connectionTimeout="60000" disableUploadTimeout="true" debug="0" uRIEncoding="GBK" />
  <Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol" SSLEnabled="true"
             maxThreads="150" scheme="https" secure="true"
             keystoreFile="conf/keystore.jks" keystorePass="erui34432"
             compression="off" uRIEncoding="GBK"
             clientAuth="false" sslProtocol="TLS" />
  <Engine name="Catalina" defaultHost="localhost">
    <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
           resourceName="UserDatabase"/>
    <Host name="localhost" appBase="webapps"
          unpackWARs="true" autoDeploy="true"
          xmlValidation="false" xmlNamespaceAware="false">
      <Valve className="org.apache.catalina.valves.AccessLogValve" directory="/app/log"
             prefix="localhost_access_log." suffix=".txt" pattern="common" resolveHosts="false"/>
    </Host>
    <Host name="www.test.com" appBase="webapps"
          unpackWARs="true" autoDeploy="true"
          xmlValidation="false" xmlNamespaceAware="false">
      <Context path="/site1" docBase="/app/webroot/site1" />
      <Context path="/manage" docBase="/app/webroot/manage" />
      <Context path="/site2" docBase="/app/webroot/site2" />
    </Host>
  </Engine>
</Service>
nginx.conf
server {
    listen 80 ;
    server_name www.test.com ;
    rewrite ^ https://$server_name$request_uri? permanent;
}
# HTTPS server
server {
    listen 443 ;
    server_name localhost;
    ssl on;
    ssl_certificate cert/mysite1.cer;
    ssl_certificate_key cert/mysite1.key;
    ssl_session_timeout 5m;
    # SSLv2 and SSLv3 are obsolete and insecure; list only TLS versions here.
    ssl_protocols SSLv2 SSLv3 TLSv1;
    ssl_ciphers HIGH:!ADH:!EXPORT56:RC4+RSA:+MEDIUM;
    ssl_prefer_server_ciphers on;
    location / {
        index index.html index.htm index.jsp;
        proxy_redirect off;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        #proxy_set_header SSL_CERT $ssl_client_cert;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://www.test.com:8081/site1/ ;
    }
    location /manage/
    {
        index index.html index.htm index.jsp;
        proxy_set_header Host $host;
        proxy_set_header X-Real-Ip $remote_addr;
        proxy_set_header SSL_CERT $ssl_client_cert;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_pass http://www.test.com:8081/manage/ ;
    }
    location /site2/
    {
        index index.html index.htm index.jsp;
        proxy_set_header Host $host;
        proxy_set_header X-Real-Ip $remote_addr;
        proxy_set_header SSL_CERT $ssl_client_cert;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_pass http://www.test.com:8081/site2/ ;
    }
}
Answers
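You can configure it like this in the nginx configuration file:
location /manage/
{
    ...
    proxy_pass http://tomcatip:8081 ;
}
Static files can be handed to nginx to serve.
# Match only URIs that end in one of these extensions.
location ~ .*\.(gif|png|htm|js|jpg|jpeg|ico|rar|flv|css|zip|txt|doc|ppt|xls|pdf)$ {
    root html/htdocs/images;
    index index.html index.htm;
    access_log off;
    expires 7d;
}
Also, in my nginx+Tomcat setups I usually change only the port in Tomcat's server.xml and leave the host section unmodified. The web application is placed under Tomcat's webapps.
However, the address bar will then show www.site.com/manage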
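
Added example (not part of the original question or answer): a small Python model of how nginx rewrites the request path for the prefix locations in the question's nginx.conf, and for the answer's proxy_pass form without a URI. It shows why the browser URL /site1/mem/mytest.jsp reaches Tomcat as /site1/site1/mem/mytest.jsp. The function names are illustrative, and the model covers only prefix matching and URI replacement, not regex locations or nginx's trailing-slash redirect.

```python
# Added illustration: models how nginx's proxy_pass rewrites the request path
# for prefix locations. The location table is copied from the question's nginx.conf.

# (location prefix, URI part of proxy_pass, or None when proxy_pass has no URI)
QUESTION_LOCATIONS = [
    ("/", "/site1/"),
    ("/manage/", "/manage/"),
    ("/site2/", "/site2/"),
]
# The answer's form: proxy_pass http://tomcatip:8081 (no URI part).
ANSWER_LOCATIONS = [("/manage/", None)]

TOMCAT_CONTEXTS = ["/site1", "/manage", "/site2"]  # Context paths from server.xml


def upstream_path(request_path, locations):
    """Return the path nginx sends upstream, or None if no location matches."""
    matches = [(p, u) for p, u in locations if request_path.startswith(p)]
    if not matches:
        return None
    prefix, uri = max(matches, key=lambda m: len(m[0]))  # longest prefix wins
    if uri is None:
        return request_path  # no URI in proxy_pass: path is passed unchanged
    return uri + request_path[len(prefix):]  # matched prefix is replaced by the URI


def tomcat_view(path):
    """Split an upstream path into (context, path inside that context)."""
    for ctx in TOMCAT_CONTEXTS:
        if path == ctx or path.startswith(ctx + "/"):
            return ctx, path[len(ctx):] or "/"
    return None, path


if __name__ == "__main__":
    # Constructed sample requests; the second is the URL reported in the question.
    for req in ["/", "/site1/mem/mytest.jsp", "/mem/mytest.jsp", "/site2/a.jsp"]:
        up = upstream_path(req, QUESTION_LOCATIONS)
        print(f"{req:24} -> {up:30} tomcat sees {tomcat_view(up)}")
    print(upstream_path("/manage/login.jsp", ANSWER_LOCATIONS))
```

Links that the application builds from its context path (/site1/...) fall into `location /` and get a second /site1 prepended, so Tomcat looks for /site1/mem/mytest.jsp inside the site1 context and returns 404.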