`

nginx 与 jboss 配置http自动跳转https


nginx配置文件如下:

# Process-level settings. The "user" directive is commented out, so worker
# processes run as whatever account the nginx build/packaging defaults to.
# NOTE(review): confirm that account is unprivileged and can read only what it needs.
#user  nobody;
# A single worker process handles all connections.
worker_processes  1;

# Error log and pid file are left at their defaults (all overrides commented out).
#error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;

#pid        logs/nginx.pid;


events {
    # Upper bound on simultaneous connections per worker (clients and upstream combined).
    worker_connections  1024;
}


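http {
    include       mime.types;
    default_type  application/octet-stream;

    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
    #                  '$status $body_bytes_sent "$http_referer" '
    #                  '"$http_user_agent" "$http_x_forwarded_for"';

    #access_log  logs/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    #keepalive_timeout  0;
    keepalive_timeout  65;

    #gzip  on;

    # Do not advertise the exact nginx version in the Server header and on error pages.
    server_tokens off;

    # JBoss Web HTTP connector. Traffic on this hop is plaintext, so the
    # connector should be reachable over loopback only.
    upstream jboss5 {
        server localhost:8080;
    }

    # Plain-HTTP virtual host: its only job is to send clients to HTTPS.
    # The redirect is answered before any location is matched, so no proxy or
    # static-file locations are defined here; anything that should actually be
    # served belongs in the 443 server below.
    server {
        listen       80;
        server_name  127.0.0.1;

        # "return" avoids the regex rewrite and re-emits the request URI
        # (path and query string) exactly as the client sent it.
        # $host is taken from the client's Host header; once the site has a
        # real name, put that fixed name here instead of $host.
        return 301 https://$host$request_uri;
    }

    # HTTPS server: terminates TLS and proxies to JBoss over HTTP.
    server {
        # "listen ... ssl" already enables TLS; the separate "ssl on;"
        # directive is deprecated and rejected by current nginx releases.
        listen       443 ssl;
        server_name  127.0.0.1;

        # The private key must be readable only by the account that starts nginx.
        ssl_certificate      /home/jbrserver/tools/jbr.pem;
        ssl_certificate_key  /home/jbrserver/tools/jbr.key;

        ssl_session_cache    shared:SSL:1m;
        ssl_session_timeout  5m;

        # Pin the protocol versions explicitly: the built-in default depends on
        # the nginx version and on older releases still enables legacy protocols.
        # Add TLSv1.3 where the installed nginx/OpenSSL support it.
        ssl_protocols  TLSv1.2;
        ssl_ciphers  HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers  on;

        # Once the certificate matches the public host name, enable HSTS so
        # browsers stop issuing the initial plaintext request:
        #add_header Strict-Transport-Security "max-age=31536000" always;

        location / {
            proxy_connect_timeout   3;
            proxy_send_timeout      30;
            proxy_read_timeout      30;

            # Overwrite (never append to) forwarding headers so that a client
            # cannot supply its own values to the backend.
            proxy_set_header X-Real-IP         $remote_addr;
            proxy_set_header X-Forwarded-For   $remote_addr;
            proxy_set_header X-Forwarded-Proto $scheme;

            # The Host header is deliberately left at nginx's default (the
            # upstream name): absolute redirects issued by JBoss then start
            # with http://jboss5/ and the default proxy_redirect rewrites them
            # to relative URLs, which keeps the browser on HTTPS.
            proxy_pass http://jboss5;
        }
    }

}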

 jboss配置如下:

<Server>

   <!-- Optional listener which ensures correct init and shutdown of APR,
        and provides information if it is not installed.
        NOTE(review): SSLEngine="on" is only relevant when a connector in this
        file terminates TLS itself. Here TLS ends at nginx and every SSL
        connector below is commented out; confirm the setting is still wanted. -->
   <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
   <!--Initialize Jasper prior to webapps are loaded. Documentation at /docs/jasper-howto.html -->
   <Listener className="org.apache.catalina.core.JasperListener" />

   <Service name="jboss.web">

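      <!-- A HTTP/1.1 Connector on port 8080 -->
	  <!--
      Previous variant, kept for reference (DNS lookups enabled, redirectPort 443):
      <Connector protocol="HTTP/1.1" port="8080" address="${jboss.bind.address}"
				 compression="on" compressableMimeType="text/html,text/xml,text/css,text/javascript, application/x-javascript,application/javascript"
			   enableLookups="true" connectionTimeout="20000" redirectPort="443" />
		-->	   
			   
	  <!-- Plain-HTTP connector that nginx proxies to (upstream localhost:8080)
	       after terminating TLS.
	       secure="true" makes request.isSecure() report true for requests on
	       this connector, so the container treats them as having arrived over
	       a confidential transport (this should also cover the Secure flag on
	       the session cookie; verify in the deployed version). That is only
	       truthful while nothing but nginx can reach port 8080: keep
	       ${jboss.bind.address} on loopback or firewall the port.
	       NOTE(review): responses are compressed here and then sent over TLS by
	       nginx. Compressing dynamic pages that mix secrets with reflected
	       request data is the precondition for compression side channels;
	       consider restricting compression to static content types. -->
	  <Connector protocol="HTTP/1.1" port="8080" address="${jboss.bind.address}" 
	             compression="on" compressableMimeType="text/html,text/xml,text/css,text/javascript, application/x-javascript,application/javascript"
				 connectionTimeout="20000" secure="true" />

      <!-- Add this option to the connector to avoid problems with 
          .NET clients that don't implement HTTP/1.1 correctly 
         restrictedUserAgents="^.*MS Web Services Client Protocol 1.1.4322.*$"
      -->

      <!-- A AJP 1.3 Connector on port 8009.
           NOTE(review): nothing in the nginx configuration on this page uses
           AJP (nginx proxies over HTTP). AJP has no authentication of its own
           and trusts whatever its peer tells it, so either comment this
           connector out or make sure port 8009 is reachable only from a
           trusted front end. -->
      <Connector protocol="AJP/1.3" port="8009" address="${jboss.bind.address}"
         redirectPort="8443" />

      <!-- SSL/TLS Connector configuration using the admin devl guide keystore-->
	  <!--
      Disabled: TLS is terminated by nginx. If this is ever re-enabled, use a
      strong keystore password and keep it out of published configuration.
      <Connector protocol="HTTP/1.1" SSLEnabled="true" 
           port="8443" address="${jboss.bind.address}"
           scheme="https" secure="true" clientAuth="false" 
           keystoreFile="${jboss.server.home.dir}/conf/myqwe.keystore"
           keystorePass="REPLACE_WITH_KEYSTORE_PASSWORD" sslProtocol = "TLS" />
      -->
	  
	  <!--
	  Disabled: TLS is terminated by nginx. Same password caveat as above.
	  <Connector protocol="HTTP/1.1" SSLEnabled="true"
		   port="8443" address="${jboss.bind.address}"
		   compression="on" compressableMimeType="text/html,text/xml,text/css,text/javascript, application/x-javascript,application/javascript"
		   scheme="https" secure="true" clientAuth="false"
		   keystoreFile="${jboss.server.home.dir}/conf/jbr.jks"
		   keystorePass="REPLACE_WITH_KEYSTORE_PASSWORD" sslProtocol = "TLS" />
		-->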
      <Engine name="jboss.web" defaultHost="localhost">

         <!-- The JAAS based authentication and authorization realm implementation
         that is compatible with the jboss 3.2.x realm implementation.
         - certificatePrincipal : the class name of the
         org.jboss.security.auth.certs.CertificatePrincipal impl
         used for mapping X509[] cert chains to a Principal.
         - allRolesMode : how to handle an auth-constraint with a role-name=*,
         one of strict, authOnly, strictAuthOnly
           + strict = Use the strict servlet spec interpretation which requires
           that the user have one of the web-app/security-role/role-name
           + authOnly = Allow any authenticated user
           + strictAuthOnly = Allow any authenticated user only if there are no
           web-app/security-roles
         This is the realm in effect for the engine. With authOnly selected
         below, a role-name=* constraint is satisfied by any authenticated
         user without a role check; choose strict if applications rely on
         role membership for such constraints.
         -->
         <Realm className="org.jboss.web.tomcat.security.JBossWebRealm"
            certificatePrincipal="org.jboss.security.auth.certs.SubjectDNMapping"
            allRolesMode="authOnly"
            />
         <!-- A subclass of JBossSecurityMgrRealm that uses the authentication
         behavior of JBossSecurityMgrRealm, but overrides the authorization
         checks to use JACC permissions with the current java.security.Policy
         to determine authorized access.
         - allRolesMode : how to handle an auth-constraint with a role-name=*,
         one of strict, authOnly, strictAuthOnly
           + strict = Use the strict servlet spec interpretation which requires
           that the user have one of the web-app/security-role/role-name
           + authOnly = Allow any authenticated user
           + strictAuthOnly = Allow any authenticated user only if there are no
           web-app/security-roles
         <Realm className="org.jboss.web.tomcat.security.JaccAuthorizationRealm"
            certificatePrincipal="org.jboss.security.auth.certs.SubjectDNMapping"
            allRolesMode="authOnly"
            />
         -->

         <Host name="localhost"> 

            <!-- Uncomment to enable request dumper. This Valve "logs interesting 
                 contents from the specified Request (before processing) and the 
                 corresponding Response (after processing). It is especially useful 
                 in debugging problems related to headers and cookies."
            -->
            <!--
            <Valve className="org.apache.catalina.valves.RequestDumperValve" />
            -->
 
            <!-- Access logger -->
            <!--
            <Valve className="org.apache.catalina.valves.AccessLogValve"
                prefix="localhost_access_log." suffix=".log"
                pattern="common" directory="${jboss.server.log.dir}" 
                resolveHosts="false" />
            -->

            <!-- Uncomment to enable single sign-on across web apps
                deployed to this host. Does not provide SSO across a cluster.     
            
                If this valve is used, do not use the JBoss ClusteredSingleSignOn 
                valve shown below.
                
                A new configuration attribute is available beginning with
                release 4.0.4:
                
                cookieDomain  configures the domain to which the SSO cookie
                              will be scoped (i.e. the set of hosts to
                              which the cookie will be presented).  By default
                              the cookie is scoped to "/", meaning the host
                              that presented it.  Set cookieDomain to a
                              wider domain (e.g. "xyz.com") to allow an SSO
                              to span more than one hostname.
             -->
            <!--
            <Valve className="org.apache.catalina.authenticator.SingleSignOn" />
            -->

            <!-- Uncomment to enable single sign-on across web apps
               deployed to this host AND to all other hosts in the cluster.
            
               If this valve is used, do not use the standard Tomcat SingleSignOn
               valve shown above.
            
               Valve uses a JBossCache instance to support SSO credential 
               caching and replication across the cluster.  The JBossCache 
               instance must be configured separately.  See the 
               "jboss-web-clusteredsso-beans.xml" file in the 
               server/all/deploy directory for cache configuration details.
            
               Besides the attributes supported by the standard Tomcat
               SingleSignOn valve (see the Tomcat docs), this version also 
               supports the following attributes:
            
               cookieDomain   see non-clustered valve above
               
               cacheConfig    Name of the CacheManager service configuration
                              to use for the clustered SSO cache. See
                              deploy/cluster/jboss-cache-manager.sar/META-INF/jboss-cache-manager-jboss-beans.xml
                              Default is "clustered-sso".
               
               treeCacheName  Deprecated. Use "cacheConfig". 
                              JMX ObjectName of the JBoss Cache MBean used to 
                              support credential caching and replication across
                              the cluster. Only used if no cache can be located
                              from the CacheManager service using the "cacheConfig"
                              attribute (or its default value). If not set, the 
                              default is "jboss.cache:service=TomcatClusteringCache"
                              
               maxEmptyLife   The maximum number of seconds an SSO with no 
                              active sessions will be usable by a request
                              
               processExpiresInterval The minimum number of seconds between 
                              efforts by the valve to find and invalidate 
                              SSO's that have exceeded their 'maxEmptyLife'. 
                              Does not imply effort will be spent on such
                      			cleanup every 'processExpiresInterval'.
            -->
            <!--
            <Valve className="org.jboss.web.tomcat.service.sso.ClusteredSingleSignOn" />
            -->
         
            <!-- Check for unclosed connections and transaction terminated checks
                 in servlets/jsps. This is the only valve active on this host;
                 the request dumper, access log and SSO valves above are all
                 commented out.
                 
                 Important: The dependency on the CachedConnectionManager
                 in META-INF/jboss-service.xml must be uncommented, too
           -->

            <Valve className="org.jboss.web.tomcat.service.jca.CachedConnectionValve"
                cachedConnectionManagerObjectName="jboss.jca:service=CachedConnectionManager"
                transactionManagerObjectName="jboss:service=TransactionManager" />
                
         </Host>
      </Engine>

   </Service>

</Server>

 
