nginx前端背后的Artifactory pro服务器

Question

我正在尝试为我们的神器服务器设置ssl.为此,我希望将nginx配置为反向代理.到目前为止,我做了以下工作

- 使用其docker镜像安装了artifactory pro

docker run --name artifactory-registry -p 8081:8081 -v $ARTIFACTORY_HOME/data -v $ARTIFACTORY_HOME/logs  -v $ARTIFACTORY_HOME/backup  -v $ARTIFACTORY_HOME/etc  jfrog-docker-reg2.bintray.io/jfrog/artifactory-pro:latest

- 使用Insatlled nginx sudo apt-get install nginx

我可以在http:// localhost:8081/artifactory/webapp /#/ home访问webapp, 然后在$ ARTIFACTORY_HOME/tomcat/conf/server.xml下的配置文件下访问

<Service name="Catalina">
    <Connector port="8081"/>

    <!-- This is the optional AJP connector -->
    <Connector port="8019" protocol="AJP/1.3"/>

    <Engine name="Catalina" defaultHost="localhost">
        <Host name="localhost" appBase="webapps"/>
    </Engine>

</Service>

从在线发现的来源,nginx需要以下配置作为反向代理

server {
  listen          80;
  server_name     yourdomain.com;
  root            /etc/tomcat7/webapps/apple;

  proxy_cache one;

  location / {
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://127.0.0.1:8080/;
  }
} 

此路径中的'server_name'和'root'应该是什么？另外,我如何测试此设置的反向代理？

Answer 1

通常,您将在其默认HTTPs端口上配置SSL(443).请查看此页面以使用SSL配置nginx.

该server_name是你将连接到您的nginx(从浏览器为例)的主机.通常你会有一个来自贵公司的DNS地址(比如artifactory.mycompany.com),你会使用它,但如果一切都是本地的,你可以localhost改为.以下是端口443上的SSL配置:

server {
    listen 443;
    server_name artifactory.mycompany.com;

    access_log /var/log/nginx/artifactory.access.log;
    error_log /var/log/nginx/artifactory.error.log;

    ssl on;
    ssl_certificate /etc/nginx/ssl/artifactory.crt;
    ssl_certificate_key /etc/nginx/ssl/artifactory.key;

    ssl_session_timeout 5m;

    ssl_protocols SSLv3 TLSv1;
    ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP;
    ssl_prefer_server_ciphers on;

    location /artifactory {
        proxy_redirect off;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-Ssl on;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass http://localhost:8081;
        proxy_pass_header Server;
        proxy_read_timeout 90;
    }
}

只需将您的SSL证书放在配置的位置,就可以了.

现在可以从浏览器连接到https://artifactory.mycompany.com(或者如果你使用的话,可以使用https:// localhostserver_name).