nginx and JBoss: configuring automatic HTTP-to-HTTPS redirection
程序员文章站
2022-07-15 14:58:53
The nginx configuration file is as follows:
    #user  nobody;
    worker_processes  1;

    #error_log  logs/error.log;
    #error_log  logs/error.log  notice;
    #error_log  logs/error.log  info;

    #pid        logs/nginx.pid;

    events {
        worker_connections  1024;
    }

    http {
        include       mime.types;
        default_type  application/octet-stream;

        #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
        #                  '$status $body_bytes_sent "$http_referer" '
        #                  '"$http_user_agent" "$http_x_forwarded_for"';

        #access_log  logs/access.log  main;

        sendfile        on;
        #tcp_nopush     on;

        #keepalive_timeout  0;
        keepalive_timeout  65;

        #gzip  on;

        # Backend JBoss instance that nginx proxies to.
        upstream jboss5 {
            server localhost:8080;
        }

        server {
            listen       80;
            server_name  127.0.0.1;

            # Server-level rewrite: every request on port 80 is answered with a
            # 301 to the same host and path over HTTPS, so the location blocks
            # below are never reached for this server.
            rewrite ^(.*)$ https://$host$1 permanent;

            #charset koi8-r;

            #access_log  logs/host.access.log  main;

            location / {
                root   index;
                index  index.html index.htm;
                proxy_connect_timeout 3;
                proxy_send_timeout 30;
                proxy_read_timeout 30;
                proxy_pass http://jboss5;
            }

            #error_page  404              /404.html;

            # redirect server error pages to the static page /50x.html
            #
            error_page   500 502 503 504  /50x.html;
            location = /50x.html {
                root   html;
            }

            # Static images served from disk ("jepg" in the original was a typo for "jpeg").
            location ~.*\.(gif|jpg|png|jpeg)$ {
                root /opt/file;
                if (-f $request_filename) {
                    expires 1d;
                    break;
                }
            }

            # proxy the PHP scripts to Apache listening on 127.0.0.1:80
            #
            #location ~ \.php$ {
            #    proxy_pass   http://127.0.0.1;
            #}

            # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
            #
            #location ~ \.php$ {
            #    root           html;
            #    fastcgi_pass   127.0.0.1:9000;
            #    fastcgi_index  index.php;
            #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
            #    include        fastcgi_params;
            #}

            # deny access to .htaccess files, if Apache's document root
            # concurs with nginx's one
            #
            #location ~ /\.ht {
            #    deny  all;
            #}
        }

        # another virtual host using mix of IP-, name-, and port-based configuration
        #
        #server {
        #    listen       8000;
        #    listen       somename:8080;
        #    server_name  somename  alias  another.alias;

        #    location / {
        #        root   html;
        #        index  index.html index.htm;
        #    }
        #}

        # HTTPS server
        #
        server {
            listen       443 ssl;
            server_name  127.0.0.1;

            # "ssl on;" is redundant with "listen 443 ssl" above; the directive is
            # deprecated since nginx 1.15.0 and was removed in 1.25.1.
            ssl on;
            ssl_certificate      /home/jbrserver/tools/jbr.pem;
            ssl_certificate_key  /home/jbrserver/tools/jbr.key;

            ssl_session_cache    shared:SSL:1m;
            ssl_session_timeout  5m;

            # No ssl_protocols is set here, so the protocol versions offered are
            # the defaults of the installed nginx build.
            ssl_ciphers  HIGH:!aNULL:!MD5;
            ssl_prefer_server_ciphers  on;

            # TLS terminates at nginx; the hop to JBoss on localhost:8080 is plain HTTP.
            location / {
                root   html;
                index  index.html index.htm;
                proxy_connect_timeout 3;
                proxy_send_timeout 30;
                proxy_read_timeout 30;
                proxy_pass http://jboss5;
            }
        }
    }
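A tightened variant of the two server blocks above, as an added example that is not part of the original post. It goes inside the `http { }` block, assumes nginx 1.15 or later built against OpenSSL 1.1.1 (needed for TLSv1.3), and uses `example.com` as a placeholder server name; the upstream and certificate paths are the ones from the page.

```nginx
# Added example, not the original author's configuration.
# example.com is a placeholder; replace it with the real host name.
upstream jboss5 {
    server localhost:8080;
}

server {
    listen      80;
    server_name example.com;
    # Redirect only: nothing is served over plain HTTP, so no location blocks.
    # $host is taken from the request; hard-code the name instead if this
    # server block is also the default server for unknown Host headers.
    return 301 https://$host$request_uri;
}

server {
    listen      443 ssl;                  # replaces the deprecated "ssl on;"
    server_name example.com;

    ssl_certificate           /home/jbrserver/tools/jbr.pem;
    ssl_certificate_key       /home/jbrserver/tools/jbr.key;
    ssl_protocols             TLSv1.2 TLSv1.3;   # pin versions explicitly
    ssl_ciphers               HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;
    ssl_session_cache         shared:SSL:1m;
    ssl_session_timeout       5m;

    # The port-80 redirect only helps after a first plaintext request;
    # HSTS tells browsers to go straight to HTTPS on later visits.
    add_header Strict-Transport-Security "max-age=31536000" always;

    location / {
        # Pass the original host, client address and scheme to the backend,
        # which otherwise only sees a plain-HTTP request from localhost.
        # The application must be set up to read these headers.
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        proxy_connect_timeout 3;
        proxy_send_timeout    30;
        proxy_read_timeout    30;
        proxy_pass            http://jboss5;
    }
}
```

Check the syntax with `nginx -t` before reloading.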
The JBoss configuration is as follows:
    <Server>

       <!-- Optional listener which ensures correct init and shutdown of APR,
            and provides information if it is not installed -->
       <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
       <!--Initialize Jasper prior to webapps are loaded. Documentation at /docs/jasper-howto.html -->
       <Listener className="org.apache.catalina.core.JasperListener" />

       <Service name="jboss.web">

          <!-- A HTTP/1.1 Connector on port 8080 -->
          <!--
          <Connector protocol="HTTP/1.1" port="8080" address="${jboss.bind.address}"
                     compression="on"
                     compressableMimeType="text/html,text/xml,text/css,text/javascript, application/x-javascript,application/javascript"
                     enableLookups="true"
                     connectionTimeout="20000" redirectPort="443" />
          -->
          <Connector protocol="HTTP/1.1" port="8080" address="${jboss.bind.address}"
                     compression="on"
                     compressableMimeType="text/html,text/xml,text/css,text/javascript, application/x-javascript,application/javascript"
                     connectionTimeout="20000" />

          <!-- Add this option to the connector to avoid problems with
               .NET clients that don't implement HTTP/1.1 correctly
               restrictedUserAgents="^.*MS Web Services Client Protocol 1.1.4322.*$"
          -->

          <!-- A AJP 1.3 Connector on port 8009 -->
          <Connector protocol="AJP/1.3" port="8009" address="${jboss.bind.address}"
                     redirectPort="8443" />

          <!-- SSL/TLS Connector configuration using the admin devl guide keystore-->
          <!--
          <Connector protocol="HTTP/1.1" SSLEnabled="true"
                     port="8443" address="${jboss.bind.address}"
                     scheme="https" secure="true" clientAuth="false"
                     keystoreFile="${jboss.server.home.dir}/conf/myqwe.keystore"
                     keystorePass="123456" sslProtocol = "TLS" />
          -->
          <!--
          <Connector protocol="HTTP/1.1" SSLEnabled="true"
                     port="8443" address="${jboss.bind.address}"
                     compression="on"
                     compressableMimeType="text/html,text/xml,text/css,text/javascript, application/x-javascript,application/javascript"
                     scheme="https" secure="true" clientAuth="false"
                     keystoreFile="${jboss.server.home.dir}/conf/jbr.jks"
                     keystorePass="jbr365" sslProtocol = "TLS" />
          -->

          <Engine name="jboss.web" defaultHost="localhost">

             <!-- The JAAS based authentication and authorization realm implementation
             that is compatible with the jboss 3.2.x realm implementation.
             - certificatePrincipal : the class name of the
             org.jboss.security.auth.certs.CertificatePrincipal impl
             used for mapping X509[] cert chains to a Princpal.
             - allRolesMode : how to handle an auth-constraint with a role-name=*,
             one of strict, authOnly, strictAuthOnly
               + strict = Use the strict servlet spec interpretation which requires
               that the user have one of the web-app/security-role/role-name
               + authOnly = Allow any authenticated user
               + strictAuthOnly = Allow any authenticated user only if there are no
               web-app/security-roles
             -->
             <Realm className="org.jboss.web.tomcat.security.JBossWebRealm"
                    certificatePrincipal="org.jboss.security.auth.certs.SubjectDNMapping"
                    allRolesMode="authOnly" />

             <!-- A subclass of JBossSecurityMgrRealm that uses the authentication
             behavior of JBossSecurityMgrRealm, but overrides the authorization
             checks to use JACC permissions with the current java.security.Policy
             to determine authorized access.
             - allRolesMode : how to handle an auth-constraint with a role-name=*,
             one of strict, authOnly, strictAuthOnly
               + strict = Use the strict servlet spec interpretation which requires
               that the user have one of the web-app/security-role/role-name
               + authOnly = Allow any authenticated user
               + strictAuthOnly = Allow any authenticated user only if there are no
               web-app/security-roles
             <Realm className="org.jboss.web.tomcat.security.JaccAuthorizationRealm"
                    certificatePrincipal="org.jboss.security.auth.certs.SubjectDNMapping"
                    allRolesMode="authOnly" />
             -->

             <Host name="localhost">

                <!-- Uncomment to enable request dumper. This Valve "logs interesting
                     contents from the specified Request (before processing) and the
                     corresponding Response (after processing). It is especially useful
                     in debugging problems related to headers and cookies."
                -->
                <!--
                <Valve className="org.apache.catalina.valves.RequestDumperValve" />
                -->

                <!-- Access logger -->
                <!--
                <Valve className="org.apache.catalina.valves.AccessLogValve"
                       prefix="localhost_access_log." suffix=".log"
                       pattern="common" directory="${jboss.server.log.dir}"
                       resolveHosts="false" />
                -->

                <!-- Uncomment to enable single sign-on across web apps
                     deployed to this host. Does not provide SSO across a cluster.

                     If this valve is used, do not use the JBoss ClusteredSingleSignOn
                     valve shown below.

                     A new configuration attribute is available beginning with
                     release 4.0.4:

                     cookieDomain  configures the domain to which the SSO cookie
                                   will be scoped (i.e. the set of hosts to
                                   which the cookie will be presented). By default
                                   the cookie is scoped to "/", meaning the host
                                   that presented it. Set cookieDomain to a
                                   wider domain (e.g. "xyz.com") to allow an SSO
                                   to span more than one hostname.
                -->
                <!--
                <Valve className="org.apache.catalina.authenticator.SingleSignOn" />
                -->

                <!-- Uncomment to enable single sign-on across web apps
                     deployed to this host AND to all other hosts in the cluster.

                     If this valve is used, do not use the standard Tomcat SingleSignOn
                     valve shown above.

                     Valve uses a JBossCache instance to support SSO credential
                     caching and replication across the cluster. The JBossCache
                     instance must be configured separately. See the
                     "jboss-web-clusteredsso-beans.xml" file in the server/all/deploy
                     directory for cache configuration details.

                     Besides the attributes supported by the standard Tomcat
                     SingleSignOn valve (see the Tomcat docs), this version also
                     supports the following attributes:

                     cookieDomain   see non-clustered valve above

                     cacheConfig    Name of the CacheManager service configuration
                                    to use for the clustered SSO cache. See
                                    deploy/cluster/jboss-cache-manager.sar/META-INF/jboss-cache-manager-jboss-beans.xml
                                    Default is "clustered-sso".

                     treeCacheName  Deprecated. Use "cacheConfig".
                                    JMX ObjectName of the JBoss Cache MBean used to
                                    support credential caching and replication across
                                    the cluster. Only used if no cache can be located
                                    from the CacheManager service using the "cacheConfig"
                                    attribute (or its default value). If not set, the
                                    default is "jboss.cache:service=TomcatClusteringCache"

                     maxEmptyLife   The maximum number of seconds an SSO with no
                                    active sessions will be usable by a request

                     processExpiresInterval  The minimum number of seconds between
                                    efforts by the valve to find and invalidate
                                    SSO's that have exceeded their 'maxEmptyLife'.
                                    Does not imply effort will be spent on such
                                    cleanup every 'processExpiresInterval'.
                -->
                <!--
                <Valve className="org.jboss.web.tomcat.service.sso.ClusteredSingleSignOn" />
                -->

                <!-- Check for unclosed connections and transaction terminated checks
                     in servlets/jsps.

                     Important: The dependency on the CachedConnectionManager
                     in META-INF/jboss-service.xml must be uncommented, too
                -->
                <Valve className="org.jboss.web.tomcat.service.jca.CachedConnectionValve"
                       cachedConnectionManagerObjectName="jboss.jca:service=CachedConnectionManager"
                       transactionManagerObjectName="jboss:service=TransactionManager" />

             </Host>
          </Engine>

       </Service>

    </Server>