Of Stack

The Nginx implementation distributes configuration examples based on the domain names http and https

  • 2020-05-09 19:52:02
  • OfStack

tomcat port: 8080 do virtual hosting
nginx port: 80 assigned by domain name

Increases in http in conf/ nginx.conf 



include www.ofstack.com.conf

New conf/www ofstack. com. conf, content is as follows: 



server {

listen 80;

server_name www.ofstack.com;
location / {

    proxy_pass http://127.0.0.1:8080;

    proxy_set_header Host $host:80;

    proxy_set_header X-Real-IP $remote_addr;

    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

    proxy_set_header Via "nginx";

}

}

Where 127.0.0.1 is your tomcat host ip

If the agent is https, the content is as follows: 



server {

listen 443;

server_name mail.ofstack.com;
ssl on;

ssl_certificate server.crt;

ssl_certificate_key server.key;
location / {

    proxy_pass https://192.168.0.2:443;

    proxy_set_header Host $host:443;

    proxy_set_header X-Real-IP $remote_addr;

    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

    proxy_set_header Via "nginx";
}

}

Among them, 192.168.0.2 is your https host
If the back-end https does not have a certificate, it can be simplified as follows: 


server {

listen 80;

server_name svn.ofstack.com;
location / {

    proxy_pass https://192.168.0.2:443;

    proxy_set_header Host $host:443;

    proxy_set_header X-Real-IP $remote_addr;

    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

    proxy_set_header Via "nginx";

    proxy_set_header X-Forwarded-Proto https; # Notice here   Much more 1 line 

}

}

If prompted, "SSL received a record exceeding the maximum allowed length." Error code "ssl_error_rx_record_too_long" missing "ssl on;" The 1 row

server.crt.key is a digital certificate

openssl do certificate 



mkdir ssl

cd ssl

openssl genrsa -des3 -out server.key 1024 #  It will prompt you to type key Make it as long and complicated as possible. I'll use it in several places. I'll copy and paste everything 

openssl req -new -key server.key -out server.csr #  Input organizational information  CN BeiJing HaiDian huozhe.com

cp server.key server.key.org

openssl rsa -in server.key.org -out server.key 

openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

Here's server.crt server.key you can use it

Related articles: