Java 到tomcat 8的Nginx SSL终止代理
我想配置Nginx,以便它终止SSL,然后通过http将请求转发到后端Tomcat服务器。当我尝试登录时,我被重定向回应用程序,但我得到以下异常 “HTTP状态500-javax.net.ssl.SSLHandshakeException:sun.security.validator.ValidatorException:PKIX路径生成失败:sun.security.provider.certpath.SunCertPathBuilderException:找不到请求目标的有效证书路径” 我正在使用jasig cas Nginx配置Java 到tomcat 8的Nginx SSL终止代理,java,tomcat,ssl,nginx,Java,Tomcat,Ssl,Nginx,我想配置Nginx,以便它终止SSL,然后通过http将请求转发到后端Tomcat服务器。当我尝试登录时,我被重定向回应用程序,但我得到以下异常 “HTTP状态500-javax.net.ssl.SSLHandshakeException:sun.security.validator.ValidatorException:PKIX路径生成失败:sun.security.provider.certpath.SunCertPathBuilderException:找不到请求目标的有效证书路径” 我正
#Load balancing group
upstream main_lb_group {
ip_hash;
server 127.0.0.1:8080;
server 127.0.0.1:8081;
}
#Redirecting HTTP to HTTPS requests
server {
listen 80;
return 301 https://$host$request_uri;
}
#Where users access applications, im using subdomain but it could be the main site
server {
listen 443 ssl;
server_name subdomain.abc.com;
location / {
proxy_pass http://main_lb_group;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
#Tomcat management page for server 1 has its own subdomain backend1.abc.com
server {
listen 443 ssl;
server_name backend1.abc.com;
root /opt/tomcat8b1/webapps/;
index index.jsp index.html index.htm;
location / {
proxy_pass http://127.0.0.1:8080/;
proxy_connect_timeout 300;
proxy_send_timeout 300;
proxy_read_timeout 300;
send_timeout 300;
}
location ~* \.(jpg|jpeg|png|gif|ico|css|js)$ {
expires 1M;
}
}
#Tomcat management page for server 2 has its own subdomain backend2.abc.com
server {
listen 443 ssl;
server_name backend2.abc.com;
root /opt/tomcat8b2/webapps/;
index index.jsp index.html index.htm;
location / {
proxy_pass http://127.0.0.1:8081/;
proxy_connect_timeout 300;
proxy_send_timeout 300;
proxy_read_timeout 300;
send_timeout 300;
}
location ~* \.(jpg|jpeg|png|gif|ico|css|js)$ {
expires 1M;
}
}
有人能帮忙吗?发现cas服务器在服务器名称属性链接中使用了http而不是https。将其更改为https后工作正常。结果表明cas服务器在服务器名称属性链接中使用了http而不是https。将其更改为https后,工作正常