tomcat端口:8080 做好虛擬主機
nginx端口:80 根據域名分派
在conf/nginx.conf中的http中增加
include m.ythuaji.com.cn.conf
新建conf/m.ythuaji.com.cn.conf,內容如下:
server {
listen 80;
server_name m.ythuaji.com.cn;
location / {
proxy_pass http://127.0.0.1:8080;
proxy_set_header Host $host:80;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Via "nginx";
}
}
其中127.0.0.1是你的tomcat主機ip
要是代理https的話,內容如下:
server {
listen 443;
server_name mail.zzvips.com;
ssl on;
ssl_certificate server.crt;
ssl_certificate_key server.key;
location / {
proxy_pass https://192.168.0.2:443;
proxy_set_header Host $host:443;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Via "nginx";
}
}
其中192.168.0.2是你的https主機
如果后端https沒有證書的話,可以如此簡化:
server {
listen 80;
server_name svn.zzvips.com;
location / {
proxy_pass https://192.168.0.2:443;
proxy_set_header Host $host:443;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Via "nginx";
proxy_set_header X-Forwarded-Proto https; #注意看這里 多了一行
}
}
如果提示“SSL 接收到一個超出最大準許長度的記錄。” 錯誤代碼“ssl_error_rx_record_too_long”說明少了“ssl on;”這一行
后面的server.crt server.key是數字證書,具體可以參照openssl做證書
openssl做證書
mkdir ssl
cd ssl
openssl genrsa -des3 -out server.key 1024 # 會提示你輸入key,盡可能長些復雜些,后面好幾處要用,我都是復制粘貼的
openssl req -new -key server.key -out server.csr # 輸入組織信息 CN BeiJing HaiDian huozhe.com
cp server.key server.key.org
openssl rsa -in server.key.org -out server.key
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
這里的server.crt server.key你就可以拿去用了
