我正在尝试为 tomcat 应用程序 docker 容器设置 Nginx 反向代理。我有 app1 和 app2 在主机端口 8028 和 8030 上监听(容器内部绑定在 8080 上)。并且 Nginx 和 docker 设置在不同的服务器上。
192.168.1.10 => nginx => example.com
192.168.1.20:8028/app1 => tomcat app1 (doker 容器)
192.168.1.20:8030/app2 => tomcat app2 (doker 容器)
现在尝试设置代理来访问应用程序
- https://example.com/app1=> 代理至 192.168.1.20:8028/app1
- https://example.com/app1=> 代理至 192.168.1.20:8030/app2
现在的问题是 tomcat 重定向端口设置为“443”。这会造成重定向循环。如果我使用 apache 和 ajp 连接器访问同一个 tomcat 应用程序,则可以访问。但有多个应用程序,并且想要设置一个中央代理服务器。
以下是配置
upstream backend1 {
server 192.168.1.20:8028;
}
upstream backend2 {
server 192.168.1.20:8030;
}
server {
listen 80;
server_name example.com;
access_log /var/log/nginx/example.com-access.log ;
error_log /var/log/nginx/example.com-error.log ;
proxy_redirect off;
proxy_http_version 1.1;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Host $host:$server_port;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto https;
large_client_header_buffers 4 256k;
location /app1 {
proxy_pass http://backend1/app1;
}
location /app2 {
proxy_pass http://backend2/app2;
}
#return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl;
server_name example.com;
large_client_header_buffers 4 256k;
access_log /var/log/nginx/example.com-access.log ;
error_log /var/log/nginx/example.com-error.log ;
ssl_client_certificate /etc/nginx/conf/ssl/ca.crt;
ssl_certificate /etc/nginx/conf/ssl/apache.crt;
ssl_certificate_key /etc/nginx/conf/ssl/apache.key;
proxy_redirect off;
proxy_http_version 1.1;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Host $host:$server_port;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto https;
location /app1 {
proxy_pass http://backend1/app1;
}
location /app2 {
proxy_pass http://backend2/app2;
}
}
答案1
我能够使用位置块中的以下标题修复此重定向循环。
proxy_set_header X-SSL-Request 1;