nginx 配置:
server {
listen 443 ssl;
server_name crowd.example.com;
access_log off;
client_max_body_size 10M;
ssl_certificate /etc/nginx/ssl/crowd.example.com.crt;
ssl_certificate_key /etc/nginx/ssl/crowd.example.com.key;
location / {
proxy_pass http://localhost:8095/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
port_in_redirect off;
proxy_redirect https://crowd.example.com/ /;
}
}
Crowd 的 server.xml 中的相关部分:
<Service name="Catalina">
<Connector
acceptCount="100"
connectionTimeout="20000"
disableUploadTimeout="true"
enableLookups="false"
maxHttpHeaderSize="8192"
maxThreads="150"
minSpareThreads="25"
port="8095"
redirectPort="8443"
useBodyEncodingForURI="true"
URIEncoding="UTF-8"
proxyName="crowd.example.com"
proxyPort="443"
scheme="https"
secure="true"/>
<Engine defaultHost="localhost" name="Catalina">
<Host appBase="webapps" autoDeploy="true" name="localhost" unpackWARs="true"/>
</Engine>
<Connector port="8009" enableLookups="false" redirectPort="8443" protocol="AJP/1.3" />
</Service>
这是我的crowd.properties:
session.lastvalidation=session.lastvalidation
session.tokenkey=session.tokenkey
crowd.server.url=http\://localhost\:8095/crowd/services/
application.name=crowd
http.timeout=30000
session.isauthenticated=session.isauthenticated
application.login.url=http\://localhost\:8095/crowd
session.validationinterval=0
application.password=fslLXYfj9DehGTmGjLqZbX
即将https://crowd.example.com/crowd导致重定向循环登录后。您可以访问登录页面。(此外,https://crowd.example.com/也可以。)使用 FF 中的 Firebug 查看它,我发现它在https://crowd.commercialfire.com/crowd/console/login.action和 https://crowd.commercialfire.com/crowd/console/defaultstartpage.action。
答案1
假设 nginx 在同一台机器上,请在 nginx 上尝试此代理配置:
location / {
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://127.0.0.1:8095/;
proxy_redirect off;
proxy_connect_timeout 300;
}
并添加address="127.0.0.1"
到 server.xml 文件中的连接器定义(带有代理名称的主要定义)