nginx 多端口转发 + SSL
Server 1: springboot 端口配置(18080)server:tomcat:uri-encoding: UTF-8port: 18080Server 2: springboot 端口配置(28080)server:tomcat:uri-encoding: UTF-8port: 28080Nginx配置:http {log_formatmain'$remote_addr - $rem
·
1.代理多个项目至同一个端口,分发到不同域名
Server 1: springboot 端口配置(18080)
server:
tomcat:
uri-encoding: UTF-8
port: 18080
Server 2: springboot 端口配置(28080)
server:
tomcat:
uri-encoding: UTF-8
port: 28080
Nginx配置:
http {
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log logs/access.log main;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
include mime.types;
default_type application/octet-stream;
# Load modular configuration files from the /etc/nginx/conf.d directory.
# See http://nginx.org/en/docs/ngx_core_module.html#include
# for more information.
include conf/*.conf;
server {
listen 80;
server_name t1.test.com;
index index.html index.htm index.php;
location / {
proxy_pass http://127.0.0.1:18080;
proxy_set_header X_Real_IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
}
access_log logs/pm1-nginx-access.log main;
error_log logs/pm1-nginx-error.log error;
}
server {
listen 80;
server_name t2.test.com;
index index.html index.htm index.php;
location / {
proxy_pass http://127.0.0.1:28080;
proxy_set_header X_Real_IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
}
access_log logs/pm2-nginx-access.log main;
error_log logs/pm2-nginx-error.log error;
}
}
htdocs配置:
127.0.0.1 t1.test.com
127.0.0.1 t2.test.com
启动、关闭命令:
#启动
start nginx
#关闭
nginx -s stop
SSL 配置:
修改nginx配置:(注意listen 443 ssl,这里添加SSL,以及下面SSL证书配置)
server {
listen 443 ssl;
server_name t1.test.com;
index index.html index.htm index.php;
ssl_certificate ssl/t1.0c4d.com_bundle.crt; #需要添加(这里是你的.pem文件地址)
ssl_certificate_key ssl/t1.0c4d.com.key; #需要添加(这里是你的.key文件地址)
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
#表示使用的加密套件的类型。
ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3; #表示使用的TLS协议的类型。
ssl_prefer_server_ciphers on;
location / {
proxy_pass https://127.0.0.1:18080;
proxy_set_header X_Real_IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
}
access_log logs/pm1-nginx-access.log main;
error_log logs/pm1-nginx-error.log error;
}
server {
listen 443 ssl;
server_name t2.test.com;
index index.html index.htm index.php;
ssl_certificate ssl/t2.0c4d.com_bundle.crt; #需要添加(这里是你的.pem文件地址)
ssl_certificate_key ssl/t2.0c4d.com.key; #需要添加(这里是你的.key文件地址)
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
#表示使用的加密套件的类型。
ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3; #表示使用的TLS协议的类型。
ssl_prefer_server_ciphers on;
location / {
proxy_pass http://127.0.0.1:28080;
proxy_set_header X_Real_IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
}
access_log logs/pm2-nginx-access.log main;
error_log logs/pm2-nginx-error.log error;
}
}
ssl证书放到conf目录下
项目添加ssl证书配置:
debug: false
server:
tomcat:
uri-encoding: UTF-8
port: 18080
ssl:
key-store: classpath:t1.0c4d.com.jks
证书放至项目根目录:
结果:https://t1.0c4d.com/ 跳转至项目1,https://t2.0c4d.com/ 跳转至项目2
2.代理不同项目到同一个端口,共用同一个项目
更多推荐
已为社区贡献1条内容
所有评论(0)