Setting this up nearly broke me. The tutorials and blog posts online are all partial and incomplete, so a beginner like me is left without head or tail; it was extremely painful.
So I am writing it down to spare the next newcomer.
First, the background: two projects live on one server, and both HTTP and HTTPS must work. So on Alibaba Cloud I registered two domain names that point at the same server IP, say test.a.com and test.b.com.
Step 1: set up two Tomcat instances, one per project. To be safe, do not use the default port 80; I chose 8087 and 8088. One of the two server.xml files looks like this:
<?xml version='1.0' encoding='utf-8'?>
<Server port="8015" shutdown="SHUTDOWN">
  <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
  <Listener className="org.apache.catalina.core.JasperListener" />
  <!-- Prevent memory leaks due to use of particular java/javax APIs-->
  <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
  <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
  <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />
  <GlobalNamingResources>
    <Resource name="UserDatabase" auth="Container"
              type="org.apache.catalina.UserDatabase"
              description="User database that can be updated and saved"
              factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
              pathname="conf/tomcat-users.xml" />
  </GlobalNamingResources>
  <Service name="Catalina">
    <Connector port="8088" protocol="HTTP/1.1"
               connectionTimeout="20000"
               maxPostSize="0" URIEncoding="UTF-8" />
    <Connector port="8019" protocol="AJP/1.3" redirectPort="8443" />
    <Engine name="Catalina" defaultHost="localhost">
      <!-- Added: take the client address and scheme from the headers nginx sets -->
      <Valve className="org.apache.catalina.valves.RemoteIpValve"
             remoteIpHeader="X-Forwarded-For" protocolHeader="X-Forwarded-Proto"
             protocolHeaderHttpsValue="https"/>
      <Realm className="org.apache.catalina.realm.LockOutRealm">
        <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
               resourceName="UserDatabase"/>
      </Realm>
      <Host name="localhost" appBase="webapps"
            unpackWARs="true" autoDeploy="true">
        <!-- the quotes around %r must be written as &quot; inside an XML attribute -->
        <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
               prefix="localhost_access_log." suffix=".txt"
               pattern="%h %l %u %t &quot;%r&quot; %s %b" />
      </Host>
    </Engine>
  </Service>
</Server>
Note: the first Valve under Engine was not in the stock file; I added it so that Tomcat, working together with nginx, can tell whether a request arrived over http or https. The RemoteIpValve rewrites the request's scheme and client address from the X-Forwarded-Proto and X-Forwarded-For headers, and by default only honours them when the request comes from a loopback or private-network proxy address, which is why nginx has to set those headers. Normally the Engine > Valve part is the only change server.xml needs.
Step 2: install Nginx. Download the stable release, 1.16.0, from the official site (link: Nginx download link), unpack it and put it on the server.
Step 3: obtain the SSL certificates. On Alibaba Cloud download the Nginx-type certificate for each domain; each comes as a .pem file and a .key file, and you need both domains' pairs. Inside Nginx's conf folder create a cert folder and put the two pairs of certificate files there.
Then edit nginx.conf in the conf folder:
#user nobody;
worker_processes 1;
#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
#pid logs/nginx.pid;
events {
    worker_connections 1024;
}
http {
    include mime.types;
    default_type application/octet-stream;
    sendfile on;
    keepalive_timeout 65;
    #gzip on;
    server {
        listen 80;
        server_name localhost;
        #charset koi8-r;
        #access_log logs/host.access.log main;
        location / {
            root html;
            index index.html index.htm;
        }
        error_page 404 /404.html;
        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
            root html;
        }
    }
    server {
        listen 80;
        server_name test.a.com;
        #return 301 https://test.a.com$request_uri;
        location / {
            proxy_pass http://127.0.0.1:8088;
            proxy_set_header Host $host:$server_port;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header REMOTE-HOST $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
    }
    server {
        listen 80;
        server_name test.b.com;
        #return 301 https://test.b.com$request_uri;
        location / {
            proxy_pass http://127.0.0.1:8087;
            proxy_set_header Host $host:$server_port;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header REMOTE-HOST $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
    }
    # HTTPS server
    #
    server {
        listen 443;
        server_name 127.0.0.1;
        location / {
            root html;
            index index.html index.htm;
        }
        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
            root html;
        }
    }
    server {
        listen 443 default ssl;
        server_name test.a.com;
        ssl_certificate cert/a.pem;
        ssl_certificate_key cert/a.key;
        ssl_session_cache shared:SSL:1m;
        ssl_session_timeout 5m;
        ssl_ciphers HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers on;
        location / {
            proxy_pass http://127.0.0.1:8088;
            proxy_set_header Host $host:$server_port;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header REMOTE-HOST $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
        }
        location ~ .* {
            proxy_pass http://127.0.0.1:8088;
            proxy_set_header Host $http_host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
        }
    }
    server {
        listen 443 ssl;
        server_name test.b.com;
        ssl_certificate cert/b.pem;
        ssl_certificate_key cert/b.key;
        ssl_session_cache shared:SSL:1m;
        ssl_session_timeout 5m;
        ssl_ciphers HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers on;
        location / {
            proxy_pass http://127.0.0.1:8087;
            proxy_set_header Host $host:$server_port;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header REMOTE-HOST $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
        location ~ .* {
            proxy_pass http://127.0.0.1:8087;
            proxy_set_header Host $http_host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
        }
    }
}
Notes:
1. In the server blocks, port 443 is HTTPS and port 80 is HTTP. Port 80 usually gives no trouble; port 443 needs quite a few changes relative to the stock file.
2. The Alibaba Cloud tutorial has a line `ssl on;`. Do not add it!
3. Of the `listen 443 ssl` lines, one of them must get `default` inserted in the middle: `listen 443 default ssl`.
4. You can copy the file above as-is and change the corresponding parts to match your own setup:
proxy_pass: the Tomcat port nginx forwards to
ssl_certificate: path of the certificate
ssl_certificate_key: path of the certificate's private key
server_name: the domain name
After saving, start Tomcat and Nginx and everything should run normally!
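As an added check that is not part of the original post: a small parser for nginx's directive/block syntax plus a checker for the pitfalls in the notes above (no `ssl on;`, exactly one `listen 443 default ssl`, and every TLS-terminating proxied location forwarding X-Forwarded-Proto so Tomcat's RemoteIpValve sees https). SAMPLE_CONF is a constructed config that makes two of those mistakes; `parse` and `check` are the example's own helpers, not nginx tooling.

```python
# Added example (not from the original post): parse nginx.conf and check the pitfalls
# listed in the notes above. SAMPLE_CONF is a constructed config with two of them.
import re

TOKEN = re.compile(r'[{};]|"[^"]*"|[^\s{};"]+')   # braces, semicolon, quoted or bare word

def parse(text):                                   # -> [(name, args, children-or-None)]
    toks, pos = TOKEN.findall(re.sub(r"#[^\n]*", "", text)), 0
    def block():
        nonlocal pos
        items, cur = [], []
        while pos < len(toks):
            tok = toks[pos]; pos += 1
            if tok == "}":
                break
            if tok in ";{":
                child = block() if tok == "{" else None  # recurse first so braces stay balanced
                if cur:
                    items.append((cur[0], cur[1:], child))
                cur = []
            else:
                cur.append(tok)
        return items
    return block()

def check(text):                                   # -> list of findings, [] when clean
    out, defaults = [], 0
    for _, _, top in parse(text):                  # http { server { ... } }
        for name, _, srv in (top or []):
            if name != "server":
                continue
            host = next((a[0] for n, a, _ in srv if n == "server_name"), "?")
            tls = [a for n, a, _ in srv if n == "listen" and "ssl" in a]
            defaults += sum("default" in a or "default_server" in a for a in tls)
            if any(n == "ssl" for n, _, _ in srv):  # the 'ssl on;' line from the Aliyun guide
                out.append(f"{host}: drop 'ssl on;', the ssl flag on listen is enough")
            for n, a, loc in srv:                  # TLS terminator must tell Tomcat the scheme
                if n == "location" and tls and any(x == "proxy_pass" for x, _, _ in loc) and not any(
                        x == "proxy_set_header" and y[0] == "X-Forwarded-Proto" for x, y, _ in loc):
                    out.append(f"{host} location {' '.join(a)}: no X-Forwarded-Proto for RemoteIpValve")
    if defaults != 1:
        out.append(f"expected exactly one 'listen 443 default ssl', found {defaults}")
    return out

SAMPLE_CONF = """http {
  server { listen 443 default ssl; server_name test.a.com; location / {
    proxy_pass http://127.0.0.1:8088; proxy_set_header X-Forwarded-Proto $scheme; } }
  server { listen 443 ssl; ssl on; server_name test.b.com;
    location / { proxy_pass http://127.0.0.1:8087; } } }"""
```

Run it against your own file with `check(open("conf/nginx.conf").read())`; it only flags the points above and is no substitute for `nginx -t`.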