我有一个IBM WebSphere服务多个域:
XXXX:8080 / APP1
XXXX:9090 / APP 2
…我需要configurationNginx作为反向代理来服务:
app1.example.com
app2.example.com
这是我的configuration,但它不工作:
server { listen 443 ssl; server_name www.app1.example.com app1.example.com; ssl on; ssl_certificate example.com.crt; ssl_certificate_key example.com.key; ssl_trusted_certificate example.comCA.crt; ssl_session_cache shared:SSL:10m; ssl_session_timeout 10m; ssl_prefer_server_ciphers on; ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS; keepalive_timeout 70; location / { access_log app1-access.log; error_log app1-error.log; include /etc/nginx/mime.types; proxy_pass http://xxxx:8080/app1/; add_header X-Proxy-Cache $upstream_cache_status; add_header Front-End-Https on; add_header Cache-Control "public, must-revalidate"; add_header Strict-Transport-Security "max-age=2592000; includeSubdomains"; proxy_next_upstream error timeout invalid_header http_500 http_502 http_503; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } } 有了这个configuration,我可以获得login屏幕,但是在放入证书后我得到了404错误。
它看起来不像你采取任何步骤来修复位置标题中的主机和端口。 你可能得到了一个不好的redirect导致404。
无论是使用proxy_redirect还是将websphere设置为“私有头文件”,如本文档所述:
https://developer.ibm.com/wasdev/docs/nginx-websphere-application-server/
> proxy_set_header "$WSSC" $scheme; > proxy_set_header "$WSPR" $server_protocol; > proxy_set_header "$WSRA" $remote_addr; > proxy_set_header "$WSRH" $host; > proxy_set_header "$WSRU" $remote_user"; > proxy_set_header "$WSSN" $server_name; > proxy_set_header "$WSSP" $server_port; > proxy_set_header "$WSIS" $is_ssl; > > # Note that these vars are only available if > # NGINX was built with SSL > proxy_set_header "$WSCC" $ssl_client_cert; > proxy_set_header "$WSCS" $ssl_cipher; > proxy_set_header "$WSSI" $ssl_session_id;