Tomcat, Nginx SSL termination: load balancing not working

z9smfwbn  posted on 2022-11-13  in  Nginx

When my Nginx configuration is as follows and the backend Tomcat runs on 8080, Nginx cannot communicate with the upstream and redirects the browser to https://backend

upstream backend {
    ip_hash;
    server localhost:8080;
    server 10.10.1.240:80 down;
}
server {
    listen 80;
    listen 443 ssl;
    server_name ...;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_certificate ...;
    ssl_certificate_key ...;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;
    add_header Strict-Transport-Security "max-age=31536000";

    location / {
        proxy_pass http://backend;
    }
}

But when my Nginx configuration is as follows and the backend Tomcat runs on 8443, everything works fine, but the goal of SSL termination is not achieved:

upstream backend {
    ip_hash;
    server localhost:8443;
    server 10.10.1.240:80 down;
}
server {
    listen 80;
    listen 443 ssl;
    server_name ...;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_certificate ...;
    ssl_certificate_key ...;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;
    add_header Strict-Transport-Security "max-age=31536000";

    location / {
        proxy_pass https://backend;
    }
}

lf5gs5x2  1#

Removing the following from the upstream Tomcat's web.xml file solved the problem.

<security-constraint>
    <web-resource-collection>
        <web-resource-name>Automatic Forward to HTTPS/SSL</web-resource-name>
        <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>
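
An alternative to deleting the constraint, added here as an example and not part of the original question or answer: terminate TLS at Nginx and pass the original host and scheme to Tomcat, so the backend knows the client connection was HTTPS. The `...` values are elided as in the question; the port-80 redirect and the `RemoteIpValve` settings in the trailing comment are assumptions about the deployment, not something the posters described.

```nginx
# Added example. Assumes the upstream from the question, with Tomcat
# speaking plain HTTP on localhost:8080.
upstream backend {
    ip_hash;
    server localhost:8080;
    server 10.10.1.240:80 down;
}

# The plain-HTTP listener only redirects, so HTTPS is enforced at the proxy
# instead of by the CONFIDENTIAL constraint in web.xml.
server {
    listen 80;
    server_name ...;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name ...;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_certificate ...;
    ssl_certificate_key ...;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;
    add_header Strict-Transport-Security "max-age=31536000";

    location / {
        proxy_pass http://backend;
        # By default Nginx sends "Host: backend" (the upstream name) to the
        # backend, so a redirect built by Tomcat points at https://backend.
        proxy_set_header Host $host;
        # Tell Tomcat the scheme and client address the browser really used.
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}

# Tomcat side (server.xml, inside <Engine> or <Host>), shown as a comment:
#   <Valve className="org.apache.catalina.valves.RemoteIpValve"
#          remoteIpHeader="X-Forwarded-For"
#          protocolHeader="X-Forwarded-Proto" />
# With this valve, a request forwarded from a trusted proxy address with
# "X-Forwarded-Proto: https" is reported as secure, so the CONFIDENTIAL
# constraint can stay in web.xml without causing a redirect.
```

The valve only honours these headers from proxy addresses it trusts, so the Tomcat HTTP connector should be reachable only from the Nginx host.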
