我错误地将这篇文章发布在了 stackoverflow 上(https://stackoverflow.com/questions/65942820/nginx-proxy-to-tomcat) 我也把它放在这里希望能找到一些解决方案。
我经历了几十个教程,但我不明白以下内容(虽然它应该非常基础):
我在 /var/www/mydomain.com 中有一个已编译的 vue 应用程序,我希望它作为静态内容共享。
我的后端由 tomcat 在 8080 上运行,公共 API 位于 /api/something... URL 上。URL 是硬编码的,包括“api”部分。
我想配置 nginx 以将 mydomain.com/api/something... 请求代理到 tomcat,其余请求则从 /var/www/mydomain.com 静态提供。所有内容均通过 SSL 提供。
我确实不需要其他任何东西。
您能帮我配置 nginx 和 tomcat 来实现这一点吗?谢谢!
nginx 配置 /etc/nginx/sites-available/mydomain.com
upstream tomcat {
server 127.0.0.1:8080 fail_timeout=0;
}
server {
listen 443 ssl default_server;
#listen [::]:443 ssl default_server;
root /var/www/mydomain.com;
index index.html index.htm index.nginx-debian.html;
server_name _ mydomain.com www.mydomain.com;
location /api/ {
include proxy_params;
proxy_set_header Host $server_name;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://tomcat;
}
location / {
try_files $uri $uri/ /index.html;
}
ssl_certificate /etc/letsencrypt/live/www.mydomain.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/www.mydomain.com/privkey.pem; # managed by Certbot
}
server {
if ($host = www.mydomain.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = mydomain.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80 default_server;
listen [::]:80 default_server;
server_name _ mydomain.com www.mydomain.com;
return 404; # managed by Certbot
}
(1)我正在尝试的替代位置块
location /api/ {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto https;
proxy_pass http://localhost:8080/api/;
}
(2)Praveen Premaratne 建议的替代区块。
这样,我的 get"GET /api/docs HTTP/1.0" 302 -和静态文件也能正常工作。转到 /api/docs 会重定向到domain:8443/api/docs我 get 的位置ERR_CONNECTION_REFUSED。
location /api/ {
include proxy_params;
proxy_pass http://tomcat;
}
location / {
try_files $uri $uri/ /index.html;
}
(3)使用子域名的替代方案。
我能够创建子域名 api.mydomain.com 并配置 nginx 从那里转到索引页(添加以下块)。不知道之后如何进行代理。
server {
listen 443 ssl;
root /var/www/www.mydomain.com; <- redundand I guess?
index index.html index.htm index.nginx-debian.html; <- redundand I guess?
server_name api.mydomain.com
ssl_certificate /etc/letsencrypt/live/www.mydomain.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/www.mydomain.com/privkey.pem; # managed by Certbot
}
Tomcat 配置 server.xml
<Connector port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
address="127.0.0.1"
redirectPort="8443" />
<Engine name="Catalina" defaultHost="localhost">
...
<Host name="localhost" appBase="webapps"
unpackWARs="true" autoDeploy="true">
<Valve className="org.apache.catalina.valves.AccessLogValve"
directory="logs"
prefix="localhost_access_log" suffix=".txt"
requestAttributesEnabled="true"
pattern="%h %l %u %t "%r" %s %b" />
<Valve className="org.apache.catalina.valves.RemoteIpValve"
protocolHeader="X-Forwarded-Proto" />
...
目前的情况是,当我转到应该运行 swagger 的 mydomain.com/api/docs 时,我被重定向回 mydomain.com 或出现 500 或 502 错误。
答案1
好的,所以在@Praveen Premaratne和@Piotr P. Karwasz和这个文章我想出了以下配置:
不要输入带有“# managed by Certbot”的行,这些行是由 certbot 创建的,请检查https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-18-04
etc/nginx/sites-available/mydomain.com
server {
server_name mydomain.com www.mydomain.com;
root /var/www/mydomain.com;
index index.html;
access_log /var/log/nginx/mydomain-access.log;
error_log /var/log/nginx/mydomain-error.log;
location / {
try_files $uri $uri/ /index.html;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/www.mydomain.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/www.mydomain.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = www.mydomain.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = mydomain.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
server_name mydomain.com www.mydomain.com;
listen 80;
return 404; # managed by Certbot
}
/etc/nginx/sites-available/api.mydomain.com
server {
server_name api.mydomain.com;
access_log /var/log/nginx/api-mydomain-access.log;
error_log /var/log/nginx/api-mydomain-error.log;
location / {
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $http_host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://127.0.0.1:8080;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/www.mydomain.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/www.mydomain.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = api.mydomain.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
server_name api.mydomain.com;
listen 80;
return 404; # managed by Certbot
}
Tomcat 服务器.xml
<Service name="Catalina">
<Connector port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
address="127.0.0.1"
proxyName="api.mydomain.com"
proxyPort="80"/>
<Engine name="Catalina" defaultHost="localhost">
<Realm className="org.apache.catalina.realm.LockOutRealm">
...
</Realm>
<Host name="localhost" appBase="webapps"
unpackWARs="true" autoDeploy="true">
<Valve className="org.apache.catalina.valves.RemoteIpValve"
remoteIpHeader="x-forwarded-for"
proxiesHeader="x-forwarded-by"
protocolHeader="x-forwarded-proto" />
<Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
prefix="localhost_access_log" suffix=".txt"
pattern="%h %l %u %t %r %s %b" />
</Host>
</Engine>
答案2
尝试这个:
location / {
try_files $uri @backend;
}
location @backend {
include proxy_params;
proxy_pass http://tomcat;
}
答案3
如果我使用子域名方法来执行此操作,我会这样做。
- 为后端 API 创建 Nginx 配置文件
- 为静态 Web 内容创建 Nginx 配置文件
静态 HTML Nginx 文件
mydomain.com.nginx
server {
server_name mydomain.com;
root /var/www/mydomain.com;
index index.html;
access_log /var/log/nginx/mydomain-access.log;
error_log /var/log/nginx/mydomain-error.log;
location / {
try_files $uri $uri/ /index.html;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/www.mydomain.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/www.mydomain.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = mydomain.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
server_name mydomain.com;
return 404; # managed by Certbot
}
API Nginx 配置文件
api.mydomain.com.nginx
server {
server_name api.mydomain.com;
access_log /var/log/nginx/api-mydomain-access.log;
error_log /var/log/nginx/api-mydomain-error.log;
location / {
proxy_set_header X-Forwarded-Host $host:$server_port;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://127.0.0.1:8080;
proxy_redirect off;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/api.mydomain.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/api.mydomain.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = api.mydomain.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
server_name app.mydomain.com;
return 404; # managed by Certbot
}
您可以将它们添加到/etc/nginx/site-available/目录并启用它们。
附言:我将删除 SSL 内容并运行 Certbot 来更新它们,因为你必须为app.mydomain.com,因此它只会更新文件本身