An's Blog
收藏、分享 …
Toggle navigation
Home
Cesium
SuperMap
ArcGIS
MapboxGL
CentOS
GeoServer
Favorites
Archives
Tags
nginx反向代理iServer
2023-03-21 17:30:05
6
0
0
admin
[nginx反向代理iServer.pdf](/api/file/getAttach?fileId=6419791e9a54ae0224000013) Nginx是一个高性能的HTTP和反向代理web服务器,本文以iServer为例介绍一下如何进行nginx反向代理,具体安装过程暂不详述。 ### **一、修改nginx配置文件** 打开nginx安装目录/conf/nginx.conf文件,添加一个server块: #### **1.nginx http代理http接口** server { listen 9000; server_name gis.xiaoshan.gov.cn; client_max_body_size 409600M; #限制文件上传大小,默认1m location / { proxy_pass http://10.32.86.88:8090/; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $http_host; proxy_set_header X-NginX-Proxy true; } } #### **2.nginx https反向代理http接口** 需要ssl证书,另外要配置双方的 X-Forwarded-Proto 为了正确地识别实际用户发出的协议是 http 还是 https。 **第1步:nginx配置** server { listen 443 ssl; server_name gis.xiaoshan.gov.cn; client_max_body_size 409600M; #限制文件上传大小,默认1m ssl_certificate *.crt; #证书路径,支持 crt,pem 类型的证书,不支持 pfx 类型的证书 ssl_certificate_key *.key; #证书key路径 ssl_session_cache shared:SSL:1m; ssl_session_timeout 5m; ssl_ciphers HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on; location / { proxy_pass http://10.32.86.88:8090/; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $http_host; proxy_set_header X-NginX-Proxy true; proxy_set_header X-Forwarded-Proto $scheme; #配置双方的 X-Forwarded-Proto 就是为了正确地识别实际用户发出的协议是 http 还是 https } } **第2步:server配置** 修改iserver安装目录/conf/server.xml,在<Engine>标签加上<Value>,为了正确地识别实际用户发出的协议是 http 还是 https: <Valve className="org.apache.catalina.valves.RemoteIpValve" remoteIpHeader="X-Forwarded-For" protocolHeader="X-Forwarded-Proto" protocolHeaderHttpsValue="https"/> #### **3.注意事项** 通过nginx配置https反向代理http时,nginx server代理端口号若不是443 ssl时,需要添加X-Forwarded-port请求头配置项,具体配置如下: **第1步:ginx配置** server { listen 9000 ssl; server_name gis.xiaoshan.gov.cn; client_max_body_size 409600M; #限制文件上传大小,默认1m ssl_certificate *.crt; #证书路径,支持 crt,pem 类型的证书,不支持 pfx 类型的证书 ssl_certificate_key *.key; #证书key路径 ssl_session_cache shared:SSL:1m; ssl_session_timeout 5m; ssl_ciphers HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on; location / { proxy_pass http://10.32.86.88:8090/; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $http_host; proxy_set_header X-NginX-Proxy true; proxy_set_header X-Forwarded-Host $http_host; proxy_set_header X-Forwarded-Port $server_port; proxy_set_header X-Forwarded-Proto $scheme; } } **第2步:omcat配置** <Valve className="org.apache.catalina.valves.RemoteIpValve" remoteIpHeader="X-Forwarded-For" portHeader="X-Forwarded-port" protocolHeader="X-Forwarded-Proto" protocolHeaderHttpsValue="https"/> ➢错误示范 若不加X-Forwarded-port配置,默认https协议将跳转到443端口 二、nginx常用命令 假设已在Linux上安装nginx,文件目录一般位于/usr/local/nginx,进入到nginx后: 1.查看版本号 ./sbin/nginx -v 2.启动 ./sbin/nginx 3.关闭 ./sbin/nginx –s stop 4.重载 nginx处于启动状态时,修改配置文件后, 需要重新加载一下。 ./sbin/nginx –s reload 5.查看进程 ps –ef | grep nginx 参考地址:https://docs.qq.com/doc/DVUhPSHJLd1FyeFpE
Pre:
基于v2ray的websocket+tls+web实现安全网络代理
Next:
SuperMap iPortal门户安全性最佳做法
0
likes
6
Weibo
Wechat
Tencent Weibo
QQ Zone
RenRen
Table of content
An's Blog
admin