1, nginx.conf profile
Use nginx reverse proxy strengths is safer. The back-end code logic into the network server, and is not directly connected to the external network can only be done by an intermediate bridge nginx this server, and the Internet connection is established.
method one:
upstream tomcat {
# server 192.168.220.2:8080 max_fails=5 fail_timeout=30s;
server 127.0.0.1:8080 max_fails=5 fail_timeout=30s;
}
upstream nginx {
# server 192.168.220.2:81 max_fails=5 fail_timeout=30s;
server 127.0.0.1:80 max_fails=5 fail_timeout=30s;
}
server {
listen 80;
server_name pc.ddyunf.com;
error_page 404 /index.html;
location ~ .*\.(pdf|js|css|less|ico|htm|html|gif|jpg|jpeg|png|json|txt|wav|woff|svg|eot|ttf|)$ {
#proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
#proxy_set_header Host $http_host;
#proxy_set_header Cookie $http_cookie;
#proxy_set_header X-Forwarded-Proto http;
root /opt/web/pch5/ ;
index index.html index.htm;
# proxy_pass http://nginx;
}
location / {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header Cookie $http_cookie;
proxy_set_header X-Forwarded-Proto http;
proxy_intercept_errors on;
proxy_redirect off;
proxy_connect_timeout 240;
proxy_send_timeout 240;
proxy_read_timeout 240;
client_max_body_size 3m;
# note, there is not SSL here! plain HTTP is used
proxy_pass http://tomcat;
}
}
Second way:
server {
listen 9002;
server_name 192.168.30.153;
root /home/qdfinance/apps/pages/hr/;
location / {
proxy_set_header Host $host:$server_port;
proxy_pass http://192.168.30.153:8089/;
}
location = / {
root /home/qdfinance/apps/pages/hr/;
add_header Cache-Control "no-cache, no-store";
}
location /index.html {
root /home/qdfinance/apps/pages/hr/;
add_header Cache-Control "no-cache, no-store";
}
location /static/ {
root /home/qdfinance/apps/pages/hr/;
}
}
2, to take effect _ reload nginx
nginx/sbin/nginx -s reload