nginx配置文件如下:
#user nobody;
worker_processes 1;
#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
#pid logs/nginx.pid;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
#log_format main '$remote_addr - $remote_user [$time_local] "$request" '
# '$status $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for"';
#access_log logs/access.log main;
sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
#gzip on;
upstream jboss5{
server localhost:8080;
}
server {
listen 80;
server_name 127.0.0.1;
rewrite ^(.*)$ https://$host$1 permanent;
#charset koi8-r;
#access_log logs/host.access.log main;
location / {
root index;
index index.html index.htm;
proxy_connect_timeout 3;
proxy_send_timeout 30;
proxy_read_timeout 30;
proxy_pass http://jboss5;
}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
location ~.*\.(gif|jpg|png|jepg)$ {
root /opt/file;
if ( -f $request_filename){
expires 1d;
break;
}
}
# proxy the PHP scripts to Apache listening on 127.0.0.1:80
#
#location ~ \.php$ {
# proxy_pass http://127.0.0.1;
#}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
#location ~ \.php$ {
# root html;
# fastcgi_pass 127.0.0.1:9000;
# fastcgi_index index.php;
# fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
# include fastcgi_params;
#}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}
# another virtual host using mix of IP-, name-, and port-based configuration
#
#server {
# listen 8000;
# listen somename:8080;
# server_name somename alias another.alias;
# location / {
# root html;
# index index.html index.htm;
# }
#}
# HTTPS server
#
server {
listen 443 ssl;
server_name 127.0.0.1;
ssl on;
ssl_certificate /home/jbrserver/tools/jbr.pem;
ssl_certificate_key /home/jbrserver/tools/jbr.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
root html;
index index.html index.htm;
proxy_connect_timeout 3;
proxy_send_timeout 30;
proxy_read_timeout 30;
proxy_pass http://jboss5;
}
}
}
jboss配置如下:
<Server>
<!-- Optional listener which ensures correct init and shutdown of APR,
and provides information if it is not installed -->
<Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
<!--Initialize Jasper prior to webapps are loaded. Documentation at /docs/jasper-howto.html -->
<Listener className="org.apache.catalina.core.JasperListener" />
<Service name="jboss.web">
<!-- A HTTP/1.1 Connector on port 8080 -->
<!--
<Connector protocol="HTTP/1.1" port="8080" address="${jboss.bind.address}"
compression="on" compressableMimeType="text/html,text/xml,text/css,text/javascript, application/x-javascript,application/javascript"
enableLookups="true" connectionTimeout="20000" redirectPort="443" />
-->
<Connector protocol="HTTP/1.1" port="8080" address="${jboss.bind.address}"
compression="on" compressableMimeType="text/html,text/xml,text/css,text/javascript, application/x-javascript,application/javascript"
connectionTimeout="20000" />
<!-- Add this option to the connector to avoid problems with
.NET clients that don't implement HTTP/1.1 correctly
restrictedUserAgents="^.*MS Web Services Client Protocol 1.1.4322.*$"
-->
<!-- A AJP 1.3 Connector on port 8009 -->
<Connector protocol="AJP/1.3" port="8009" address="${jboss.bind.address}"
redirectPort="8443" />
<!-- SSL/TLS Connector configuration using the admin devl guide keystore-->
<!--
<Connector protocol="HTTP/1.1" SSLEnabled="true"
port="8443" address="${jboss.bind.address}"
scheme="https" secure="true" clientAuth="false"
keystoreFile="${jboss.server.home.dir}/conf/myqwe.keystore"
keystorePass="123456" sslProtocol = "TLS" />
-->
<!--
<Connector protocol="HTTP/1.1" SSLEnabled="true"
port="8443" address="${jboss.bind.address}"
compression="on" compressableMimeType="text/html,text/xml,text/css,text/javascript, application/x-javascript,application/javascript"
scheme="https" secure="true" clientAuth="false"
keystoreFile="${jboss.server.home.dir}/conf/jbr.jks"
keystorePass="jbr365" sslProtocol = "TLS" />
-->
<Engine name="jboss.web" defaultHost="localhost">
<!-- The JAAS based authentication and authorization realm implementation
that is compatible with the jboss 3.2.x realm implementation.
- certificatePrincipal : the class name of the
org.jboss.security.auth.certs.CertificatePrincipal impl
used for mapping X509[] cert chains to a Princpal.
- allRolesMode : how to handle an auth-constraint with a role-name=*,
one of strict, authOnly, strictAuthOnly
+ strict = Use the strict servlet spec interpretation which requires
that the user have one of the web-app/security-role/role-name
+ authOnly = Allow any authenticated user
+ strictAuthOnly = Allow any authenticated user only if there are no
web-app/security-roles
-->
<Realm className="org.jboss.web.tomcat.security.JBossWebRealm"
certificatePrincipal="org.jboss.security.auth.certs.SubjectDNMapping"
allRolesMode="authOnly"
/>
<!-- A subclass of JBossSecurityMgrRealm that uses the authentication
behavior of JBossSecurityMgrRealm, but overrides the authorization
checks to use JACC permissions with the current java.security.Policy
to determine authorized access.
- allRolesMode : how to handle an auth-constraint with a role-name=*,
one of strict, authOnly, strictAuthOnly
+ strict = Use the strict servlet spec interpretation which requires
that the user have one of the web-app/security-role/role-name
+ authOnly = Allow any authenticated user
+ strictAuthOnly = Allow any authenticated user only if there are no
web-app/security-roles
<Realm className="org.jboss.web.tomcat.security.JaccAuthorizationRealm"
certificatePrincipal="org.jboss.security.auth.certs.SubjectDNMapping"
allRolesMode="authOnly"
/>
-->
<Host name="localhost">
<!-- Uncomment to enable request dumper. This Valve "logs interesting
contents from the specified Request (before processing) and the
corresponding Response (after processing). It is especially useful
in debugging problems related to headers and cookies."
-->
<!--
<Valve className="org.apache.catalina.valves.RequestDumperValve" />
-->
<!-- Access logger -->
<!--
<Valve className="org.apache.catalina.valves.AccessLogValve"
prefix="localhost_access_log." suffix=".log"
pattern="common" directory="${jboss.server.log.dir}"
resolveHosts="false" />
-->
<!-- Uncomment to enable single sign-on across web apps
deployed to this host. Does not provide SSO across a cluster.
If this valve is used, do not use the JBoss ClusteredSingleSignOn
valve shown below.
A new configuration attribute is available beginning with
release 4.0.4:
cookieDomain configures the domain to which the SSO cookie
will be scoped (i.e. the set of hosts to
which the cookie will be presented). By default
the cookie is scoped to "/", meaning the host
that presented it. Set cookieDomain to a
wider domain (e.g. "xyz.com") to allow an SSO
to span more than one hostname.
-->
<!--
<Valve className="org.apache.catalina.authenticator.SingleSignOn" />
-->
<!-- Uncomment to enable single sign-on across web apps
deployed to this host AND to all other hosts in the cluster.
If this valve is used, do not use the standard Tomcat SingleSignOn
valve shown above.
Valve uses a JBossCache instance to support SSO credential
caching and replication across the cluster. The JBossCache
instance must be configured separately. See the
"jboss-web-clusteredsso-beans.xml" file in the
server/all/deploy directory for cache configuration details.
Besides the attributes supported by the standard Tomcat
SingleSignOn valve (see the Tomcat docs), this version also
supports the following attributes:
cookieDomain see non-clustered valve above
cacheConfig Name of the CacheManager service configuration
to use for the clustered SSO cache. See
deploy/cluster/jboss-cache-manager.sar/META-INF/jboss-cache-manager-jboss-beans.xml
Default is "clustered-sso".
treeCacheName Deprecated. Use "cacheConfig".
JMX ObjectName of the JBoss Cache MBean used to
support credential caching and replication across
the cluster. Only used if no cache can be located
from the CacheManager service using the "cacheConfig"
attribute (or its default value). If not set, the
default is "jboss.cache:service=TomcatClusteringCache"
maxEmptyLife The maximum number of seconds an SSO with no
active sessions will be usable by a request
processExpiresInterval The minimum number of seconds between
efforts by the valve to find and invalidate
SSO's that have exceeded their 'maxEmptyLife'.
Does not imply effort will be spent on such
cleanup every 'processExpiresInterval'.
-->
<!--
<Valve className="org.jboss.web.tomcat.service.sso.ClusteredSingleSignOn" />
-->
<!-- Check for unclosed connections and transaction terminated checks
in servlets/jsps.
Important: The dependency on the CachedConnectionManager
in META-INF/jboss-service.xml must be uncommented, too
-->
<Valve className="org.jboss.web.tomcat.service.jca.CachedConnectionValve"
cachedConnectionManagerObjectName="jboss.jca:service=CachedConnectionManager"
transactionManagerObjectName="jboss:service=TransactionManager" />
</Host>
</Engine>
</Service>
</Server>
相关推荐
在配置过程中,文章详细介绍了安装 JDK、JBOSS、Nginx、VirtualBox 等软件,配置网络环境,上传文件到虚机,配置 JBOSS 应用服务器的 JDK 环境,配置 standalone 模式相关配置,配置 Nginx 等步骤。 文章还提供了...
Nginx配置http转https以及https访问http静态资源 Nginx是一款流行的开源Web服务器软件,常用于服务器端的反向代理、负载均衡、媒体流等功能。本文档将详细介绍如何使用Nginx配置http转https,以及https访问http静态...
nginx图片服务器配置和https配置
本文将详细介绍如何使用 Nginx 替代 Apache,并与 JBoss 结合使用,以提高系统的整体性能。 #### 现有部署情况 当前系统使用的是 **Apache + mod_jk + JBoss** 的组合。其中 mod_jk 作为 Apache 和 JBoss 之间的...
这时Nginx后台需要自动将Http请求转成Https的方式,这样就又能支持Http,又能保证通信安全了。 废话不多说,下面直接贴一个Nginx支持Http和Https的配置,是我的wordpres网站支持Https的配置,大家何以参考。 server...
4. **自动加载与重启**:`nginx-conf-watcher`会在检测到配置文件变化时,自动执行`nginx -s reload`命令,从而实现配置的实时加载。如果加载失败,通常是因为配置文件有语法错误,此时`nginx-conf-watcher`可能会...
### Nginx 配置详解 + 负载均衡 + HTTPS 协议 #### 一、SSL证书申请 SSL证书是实现HTTPS的关键组件之一,它主要用于保护网站与用户之间的数据传输安全。文中提到两种常见的SSL证书类型:OpenSSL和StartSSL。在此...
### Nginx域名跳转详解:实现多域名向主域名的自动跳转 #### 一、背景介绍 在互联网服务中,确保用户无论通过哪种形式的域名访问都能顺利到达目标站点是非常重要的。对于一些拥有多个子域名或不同形式域名(如 ...
在构建高可用性和安全性的网络服务时,"nginx负载均衡ssl证书认证强制跳转https+keeplived+apache"是一个常见的架构模式。该模式结合了Nginx的反向代理和负载均衡能力、Keepalived的高可用性保证以及SSL证书来确保...
HTTPS是HTTP协议的安全版本,通过使用SSL/TLS协议来加密数据传输,确保用户与服务器之间的通信不被中间人攻击。 首先,为了配置Nginx以支持HTTPS,你需要获取SSL证书。SSL证书通常由权威的证书颁发机构(CA)签发,...
在这个主题中,我们主要关注如何在CentOS 8操作系统上安装Nginx 1.20.1版本以及配置Nginx以支持HTTPS服务。以下是详细的步骤和相关知识点: 首先,我们需要确保CentOS 8系统已经更新到最新状态,通过运行以下命令:...
然而,有些用户可能仍习惯于输入HTTP而非HTTPS,这时就需要通过配置Nginx来实现从HTTP到HTTPS的自动跳转。本篇文章将详细介绍三种在Nginx中实现强制HTTPS访问的方法。 1. **Nginx的Rewrite方法** 这是最常见的方法...
总结起来,当遇到NGINX从HTTPS跳转到HTTP的问题时,我们可以通过在NGINX配置中使用`proxy_set_header`添加自定义头部,或者使用`proxy_redirect`指令来修正Location头,确保用户始终在安全的HTTPS连接中。...
这样配置后,Nginx可以处理HTTP请求,并对HTTPS请求进行加密处理。特别的,如果内网DNS直接将A记录指向了服务器,而服务器需要处理内网的HTTPS请求和外部DMZ区的HTTP请求,那么服务器就需要同时监听HTTP和HTTPS端口...
Nginx端口映射配置方法是网络服务器管理中的一个重要环节,它允许用户通过单一的公共端口访问多个运行在不同私有端口上的服务。Nginx作为高性能的反向代理服务器,常用于实现这一功能。以下是关于Nginx端口映射配置...
另一种是 SSL 证书配置在 Nginx 上,访问 HTTP:// 会自动跳转到 HTTPS://。 知识点 1:阿里云 SSL 证书配置 阿里云 SSL 证书配置是指在阿里云平台上配置 SSL 证书,以便实现 HTTPS 加密传输。阿里云提供了多种方式...
### Nginx与Tomcat HTTPS至HTTP反向代理配置详解 #### 一、Windows环境下Nginx与Tomcat HTTPS至HTTP反向代理配置 ##### 1. 安装Nginx - **下载Nginx** - 普通版下载地址: [http://nginx.org/en/download.html]...