Tomcat 域名、SuperMap iServer 服务与 nginx 代理 SSL 证书,启用 HTTPS

发布时间 2023-07-01 15:36:45作者: 且行且思

背景

使用iServer发布服务的时候经常会涉及到nginx代理,负载集群或者反向代理,都是常见的使用场景,下面就nginx代理iServer服务的一些问题做个简单总结。

 

一、Tomcat 部署业务系统(一级域名):正常启用 HTTP 协议,使用自定义的内部端口,该端口可以不对公网开放:

Tomcat 8.5.x\conf\server.xml

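<?xml version="1.0" encoding="UTF-8"?>
<!--
  Tomcat 8.5.x conf/server.xml for the business application. It serves plain
  HTTP on an internal port; TLS is expected to be terminated by the nginx
  proxy in front of it.
-->
<!--
  Shutdown listener: port 8000 accepts the default "SHUTDOWN" command string.
  Tomcat binds this port to the loopback address unless an address is given,
  so any local process that can reach it can stop the server. Use a
  non-default command string, or port="-1" to disable the listener where the
  service is stopped by other means.
-->
<Server port="8000" shutdown="SHUTDOWN">
  <Listener className="org.apache.catalina.startup.VersionLoggerListener" />

  <!-- APR library loader. Documentation at /docs/apr.html -->
  <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
  <!-- Prevent memory leaks due to use of particular java/javax APIs -->
  <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
  <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
  <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />

  <GlobalNamingResources>
    <!-- File-backed user database; accounts and roles live in conf/tomcat-users.xml. -->
    <Resource name="UserDatabase" auth="Container"
              type="org.apache.catalina.UserDatabase"
              description="User database that can be updated and saved"
              factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
              pathname="conf/tomcat-users.xml" />
  </GlobalNamingResources>

  <Service name="Catalina">
    <!--
      Plain-HTTP connector that nginx proxies to. No address attribute is set,
      so it listens on every local interface. If nginx runs on this same host,
      adding address="127.0.0.1" keeps the port unreachable from other
      machines; otherwise restrict it with a host firewall rule.
      redirectPort="8443" only takes effect if an HTTPS connector exists on
      8443, and this file defines none.
    -->
    <Connector URIEncoding="UTF-8" port="8080" protocol="HTTP/1.1"
               connectionTimeout="8000" redirectPort="8443" />

    <Engine name="Catalina" defaultHost="localhost">
      <!-- Use the LockOutRealm to prevent attempts to guess user passwords
           via a brute-force attack -->
      <Realm className="org.apache.catalina.realm.LockOutRealm">
        <!-- This Realm uses the UserDatabase configured in the global JNDI
             resources under the key "UserDatabase". Any edits that are
             performed against this UserDatabase are immediately available
             for use by the Realm. -->
        <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
               resourceName="UserDatabase" />
      </Realm>

      <!-- autoDeploy="false": WAR files dropped into webapps while the server
           is running are not deployed automatically. -->
      <Host name="localhost" appBase="webapps" unpackWARs="true" autoDeploy="false">
        <!--
          Business application. The attribute is spelled "path" (XML names are
          case-sensitive) and a context path starts with "/"; the original
          listing had Path="typg". The debug attribute was dropped because
          Context has no such property in Tomcat 8.5.
        -->
        <Context path="/typg" docBase="/typg/" reloadable="false" />

        <!--
          NOTE(review): behind a TLS-terminating proxy the application sees
          scheme "http" and the proxy's address as the client.
          org.apache.catalina.valves.RemoteIpValve, with its trusted proxy
          list limited to the nginx host, restores both from the forwarded
          headers. It is not added here because the nginx configuration is
          not shown on this page.
        -->

        <!-- Access log processes all example.
             Documentation at: /docs/config/valve.html
             Note: The pattern used is equivalent to using pattern="common".
             %h records the connecting peer, which is the nginx host when
             requests arrive through the proxy. -->
        <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
               prefix="localhost_access_log" suffix=".txt"
               pattern="%h %l %u %t &quot;%r&quot; %s %b" />

        <!--
          Serves the directory E:\\biggit\\files under /pimages. Everything in
          that directory becomes downloadable, so keep only publishable files
          there. reloadable="true" is meant for development and
          crossContext="true" lets this context obtain dispatchers for the
          other contexts on the host; NOTE(review): confirm both are needed
          for a static file directory.
        -->
        <Context crossContext="true" docBase="E:\\biggit\\files" path="/pimages" reloadable="true"></Context>
      </Host>
    </Engine>
  </Service>
</Server>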

 

二、SuperMap iServer 服务发布

supermap-iserver-11.0.0-windows-x64-deploy\conf\server.xml

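<?xml version="1.0" encoding="UTF-8"?>
<!--
  SuperMap iServer 11.0.0 conf/server.xml. The embedded Tomcat terminates TLS
  itself on port 8443 using a PKCS#12 (.pfx) certificate bundle.
-->
<!--
  Shutdown listener: port 8915 accepts the default "SHUTDOWN" command string.
  Tomcat binds this port to the loopback address unless an address is given,
  so any local process that can reach it can stop the server. Use a
  non-default command string, or port="-1" to disable the listener where the
  service is stopped by other means.
-->
<Server port="8915" shutdown="SHUTDOWN">
  <Listener className="org.apache.catalina.startup.VersionLoggerListener" />

  <!-- APR library loader. Documentation at /docs/apr.html -->
  <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
  <!-- Prevent memory leaks due to use of particular java/javax APIs -->
  <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
  <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
  <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />

  <GlobalNamingResources>
    <!-- File-backed user database; accounts and roles live in conf/tomcat-users.xml. -->
    <Resource name="UserDatabase" auth="Container"
              type="org.apache.catalina.UserDatabase"
              description="User database that can be updated and saved"
              factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
              pathname="conf/tomcat-users.xml" />
  </GlobalNamingResources>

  <Service name="Catalina">
    <!--
      HTTPS connector (NIO, JSSE style attributes).

      keystorePass: the original listing published the literal keystore
      password. It is replaced by a property reference; Tomcat substitutes
      ${name} in server.xml from JVM system properties, and "keystore.pass"
      is a name constructed for this listing. Supply it at startup and keep
      the .pfx readable only by the service account. A password that has
      appeared on a public page should be changed and the key pair reissued.

      keystoreFile: a .pfx file is PKCS#12. NOTE(review): if the keystore
      fails to load on your JVM, add keystoreType="PKCS12".

      sslEnabledProtocols limits the handshake to TLS 1.2; older protocol
      versions are refused.

      relaxedPathChars / relaxedQueryChars widen the set of characters Tomcat
      accepts unencoded in the request target. Keep the list as short as the
      iServer clients actually require.

      compressableMimeType: no compression attribute is set, so this list is
      inert as written. NOTE(review): newer Tomcat releases spell the
      attribute compressibleMimeType; check the version bundled with iServer.
      Compressing HTTPS responses that mix secrets with request-controlled
      content is the precondition for BREACH-style side channels, so weigh
      that before turning compression on.
    -->
    <Connector protocol="org.apache.coyote.http11.Http11NioProtocol"
               port="8443"
               relaxedPathChars="|{}[],%"
               relaxedQueryChars="|{}[],%"
               connectionTimeout="8000"
               URIEncoding="utf-8"
               maxThreads="200"
               scheme="https"
               secure="true"
               SSLEnabled="true"
               keystoreFile="d:/ssl/dffwzscn/site.pfx"
               keystorePass="${keystore.pass}"
               clientAuth="false"
               sslProtocol="TLS"
               sslEnabledProtocols="TLSv1.2"
               compressableMimeType="text/html,text/xml,text/plain,text/javascript,text/css,application/javascript,application/xml,application/json,application/rjson" />

    <!--
      defaultHost has to equal the name of a Host nested in this Engine. The
      original listing named two different hosts here and below, so requests
      could not be mapped to a default host. Both now use the placeholder
      www.xxx.cn; replace it in both places with the real domain.
    -->
    <Engine name="Catalina" defaultHost="www.xxx.cn">
      <!-- LockOutRealm wraps the user database realm and locks accounts after
           repeated failed logins. -->
      <Realm className="org.apache.catalina.realm.LockOutRealm">
        <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
               resourceName="UserDatabase" />
      </Realm>

      <!--
        autoDeploy="true": any WAR or directory that appears under webapps
        while the server runs is deployed. On an internet-facing host, keep
        write access to webapps limited to administrators.
        NOTE(review): switch to autoDeploy="false" if iServer does not rely
        on hot deployment.
      -->
      <Host name="www.xxx.cn" appBase="webapps" unpackWARs="true" autoDeploy="true">
        <!-- not display exception and server info -->
        <Valve className="org.apache.catalina.valves.ErrorReportValve"
               showReport="false" showServerInfo="false" />
      </Host>
    </Engine>
  </Service>
</Server>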