Google 微软 Apple Java 无人驾驶 人工智能 大数据 阿里巴巴 特斯拉 Facebook VR/AR 安全 手机 亚马逊 机器人 云计算

Nginx配置为前端可以Http也可以Https,后端均为Http配置

Nginx配置为前端可以Http也可以Https,后端均为Http配置。

 

由于内网是安全的为了提升效率,Tomcat不在使用SSL加密,Nginx负责ssl的处理。

 

具体配置如下:

 

#user nobody;
worker_processes 1;

error_log logs/error.log error;
#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;

#pid logs/nginx.pid;

events {
worker_connections 1024;
}

http {
include mime.types;
default_type application/octet-stream;
log_format main ‘$remote_addr – $remote_user [$time_local] “$request” ‘‘$status $body_bytes_sent “$http_referer” ‘‘”$http_user_agent” $http_x_forwarded_for’;
access_log logs/access.log main;
sendfile on;
keepalive_timeout 1800;

upstream epower {
least_conn;
server 127.0.0.1:8090 max_fails=1 fail_timeout=30s;#30s内服务出现一次不可用惩罚30秒
server 127.0.0.1:8091 max_fails=1 fail_timeout=30s;
server 127.0.0.1:8092 max_fails=1 fail_timeout=30s;
}

server {#Http
listen 8080;

location / {
proxy_pass http://epower;
proxy_set_header Host $host:$server_port;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header REMOTE-HOST $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_connect_timeout 3s;#连接子服务3s连不上 再重新找服务器

}
}

server {#https
listen 10010 ssl;
ssl_certificate ssl/epower.crt;
ssl_certificate_key ssl/epower_nopass.key;

location / {

#由于程序中的redirect并不知道前端nginx已经配置为https,

#在redirect时仍使用http会导致 ” The plain HTTP requset was sent to HTTPS port.” 使用 proxy_redirect 重新修改被重定向的url

proxy_redirect http:// $scheme://;
proxy_pass http://epower;
proxy_set_header Host $host:$server_port;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header REMOTE-HOST $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_connect_timeout 3s;#连接子服务3s连不上 再重新找服务器

}
}
}

 

点赞 0 打赏

我要评论