nginx
server {
listen 80;
server_name 192.168.0.103;
# http访问重写为https
rewrite ^ https:/$http_host$request_uri? permanent;
}
# https
server {
listen 443 ssl;
server_name 192.168.0.103;
ssl_certificate d:/app/nginx/ssl/dogiant.crt;
ssl_certificate_key d:/app/nginx/ssl/dogiant.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
location / {
#代理一个tomcat应用,也可以和upstream的名字一样
proxy_pass http://localhost:8080;
#以下是一些反向代理的配置可删除
proxy_redirect off;
#后端的Web服务器可以通过X-Forwarded-For获取用户真实IP
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
client_max_body_size 10m; #允许客户端请求的最大单文件字节数
client_body_buffer_size 128k; #缓冲区代理缓冲用户端请求的最大字节数
proxy_connect_timeout 300; #nginx跟后端服务器连接超时时间(代理连接超时)
proxy_send_timeout 300; #后端服务器数据回传时间(代理发送超时)
proxy_read_timeout 300; #连接成功后,后端服务器响应时间(代理接收超时)
proxy_buffer_size 4k; #设置代理服务器(nginx)保存用户头信息的缓冲区大小
proxy_buffers 4 32k; #proxy_buffers缓冲区,网页平均在32k以下的话,这样设置
proxy_busy_buffers_size 64k; #高负荷下缓冲大小(proxy_buffers*2)
proxy_temp_file_write_size 64k; #设定缓存文件夹大小,大于这个值,将从upstream服务器传
}
#静态资源访问
location ~ .*\.(jpg|jpeg|gif|png|ico|css|js|pdf|txt|ttf)?$ {
root html;
index index.html index.htm;
}
server_tokens off;
#access_log /var/log/nginx/www.hao.com.access.log;
#error_log /var/log/nginx/www.hao.com.error.log;
}
tomcat(粗体部分)
<Connector port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="443" URIEncoding="UTF-8"/>
<Host name="localhost" appBase="webapps"
unpackWARs="true" autoDeploy="true">
<Valve className="org.apache.catalina.authenticator.SingleSignOn" />
<Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
prefix="localhost_access_log" suffix=".txt"
pattern="%h %l %u %t "%r" %s %b" />
<Valve className="org.apache.catalina.valves.RemoteIpValve"remoteIpHeader="X-Forwarded-For"
protocolHeader="X-Forwarded-Proto" protocolHeaderHttpsValue="https"/>
</Host>