Java: Nginx SSL termination proxy to Tomcat 8


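I want to configure Nginx so that it terminates SSL and then forwards requests over http to the backend Tomcat servers. When I try to log in, I am redirected back to the application, but I get the following exception:

"HTTP Status 500 - javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target"

I am using Jasig CAS.

Nginx configuration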

#Load balancing group
upstream main_lb_group {
    ip_hash;
    server 127.0.0.1:8080;
    server 127.0.0.1:8081;
}

#Redirecting HTTP to HTTPS requests
server {
        listen  80;
        return  301     https://$host$request_uri;
}

#Where users access applications; I'm using a subdomain but it could be the main site
server {
        listen 443 ssl;
        server_name subdomain.abc.com;

        location / {
                proxy_pass http://main_lb_group;
                proxy_set_header X-Forwarded-Host $host;
                proxy_set_header X-Forwarded-Server $host;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
}

#Tomcat management page for server 1 has its own subdomain backend1.abc.com
server {
        listen 443 ssl;
        server_name backend1.abc.com;

        root /opt/tomcat8b1/webapps/;
        index index.jsp index.html index.htm;

        location / {
                proxy_pass http://127.0.0.1:8080/;
                proxy_connect_timeout       300;
                proxy_send_timeout          300;
                proxy_read_timeout          300;
                send_timeout                300;
        }

        location ~* \.(jpg|jpeg|png|gif|ico|css|js)$ {
                expires 1M;
        }
}

#Tomcat management page for server 2 has its own subdomain backend2.abc.com
server {
        listen 443 ssl;
        server_name backend2.abc.com;

        root /opt/tomcat8b2/webapps/;
        index index.jsp index.html index.htm;

        location / {
                proxy_pass http://127.0.0.1:8081/;
                proxy_connect_timeout       300;
                proxy_send_timeout          300;
                proxy_read_timeout          300;
                send_timeout                300;
        }

        location ~* \.(jpg|jpeg|png|gif|ico|css|js)$ {
                expires 1M;
        }
}

Can anyone help?

Found out that the CAS server was using http instead of https in the server name property link. After changing it to https, it works fine.

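A check for the misconfiguration described in the answer, as an added example that is not part of the original post: it expands ${...} placeholders in a CAS-style properties file and reports every URL that still uses http for a host served through the TLS-terminating proxy. The key names server.name and server.prefix, the internal.health.url key and the sample file contents are assumptions constructed for illustration; the page only refers to "the server name property".

```python
import re
from urllib.parse import urlsplit

# Constructed sample; key names are assumptions, not taken from the page.
SAMPLE = """\
# public address of the CAS server (served through the nginx TLS proxy)
server.name=http://subdomain.abc.com
server.prefix=${server.name}/cas
# proxy-to-backend hop stays on plain http, which is expected
internal.health.url=http://127.0.0.1:8080/status
host.name=cas01
"""

PLACEHOLDER = re.compile(r"\$\{([^}]+)\}")


def parse_properties(text):
    """Parse key=value lines, skipping blanks and # / ! comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "!")):
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip()
    return props


def resolve(value, props, depth=0):
    """Expand ${key} references; unknown keys are left as written."""
    if depth > 10:  # guard against self-referencing placeholders
        return value
    expanded = PLACEHOLDER.sub(lambda m: props.get(m.group(1), m.group(0)), value)
    return expanded if expanded == value else resolve(expanded, props, depth + 1)


def insecure_public_urls(text, tls_hosts):
    """Return {key: url} for http:// URLs whose host is published over TLS."""
    props = parse_properties(text)
    findings = {}
    for key, raw in props.items():
        url = urlsplit(resolve(raw, props))
        if url.scheme == "http" and url.hostname in tls_hosts:
            findings[key] = url.geturl()
    return findings


if __name__ == "__main__":
    for key, url in insecure_public_urls(SAMPLE, {"subdomain.abc.com"}).items():
        print(f"{key} resolves to {url}: use https for this host")
```

Because placeholders are expanded first, a single http value in the base property is also reported for every property derived from it.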