无法通过nginx位置和代理权限访问Glassfish4管理控制台
各位 我们有一个在Glassfish4下运行的java应用程序。我想通过在防火墙级别关闭4848并通过nginx中的location指令访问它来禁用对Glassfish管理服务器的直接访问(同时将SSL卸载到nginx) 启用无法通过nginx位置和代理权限访问Glassfish4管理控制台,nginx,reverse-proxy,glassfish-4,Nginx,Reverse Proxy,Glassfish 4,各位 我们有一个在Glassfish4下运行的java应用程序。我想通过在防火墙级别关闭4848并通过nginx中的location指令访问它来禁用对Glassfish管理服务器的直接访问(同时将SSL卸载到nginx) 启用asadmin enable secure admin后,我可以通过进入管理服务器并正常管理它 但是,当我通过asadmin禁用安全管理时,请禁用安全管理并使用以下位置块进行访问 # Reverse proxy to access Glassfish Admin s
asadmin enable secure admin
后,我可以通过进入管理服务器并正常管理它
但是,当我通过asadmin禁用安全管理时,请禁用安全管理并使用以下位置块进行访问
# Reverse proxy to access Glassfish Admin server
location /Glassfish {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_max_temp_file_size 0;
client_max_body_size 10m;
client_body_buffer_size 128k;
proxy_send_timeout 90;
proxy_read_timeout 90;
proxy_buffering off;
proxy_buffer_size 4k;
proxy_buffers 4 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;
proxy_pass http://127.0.0.1:4848;
}
我得到一个空白屏幕,在nginx错误日志中我能找到的唯一参考是
2015/10/05 09:13:57 [error] 29429#0: *157 open() "/usr/share/nginx/html/resource/community-theme/images/login-product_name_open.png" failed (2: No such file or directory), client: 104.17.0.4, server: foo.domain.com, request: "GET /resource/community-theme/images/login-product_name_open.png HTTP/1.1", host: "foo.domain.com", referrer: "https://foo.domain.com/Glassfish"
在网上阅读文档时,我确实看到:
必须启用安全管理员才能远程访问DAS
我想做的事根本不可能吗
编辑:以下是完整的nginx配置
http {
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
#sendfile off;
tcp_nopush on;
tcp_nodelay off;
#keepalive_timeout 65;
types_hash_max_size 2048;
# Default HTTP server on 80 port
server {
listen 192.168.1.10:80 default_server;
#listen [::]:80 default_server;
server_name foo-dev.domain.com;
return 301 https://$host$request_uri;
}
# Default HTTPS server on 443 port
server {
listen 443;
server_name foo-dev.domain.com;
ssl_certificate /etc/ssl/certs/foo-dev.domain.com.crt;
ssl_certificate_key /etc/ssl/certs/foo-dev.domain.com.key;
ssl on;
ssl_session_cache builtin:1000 shared:SSL:10m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
ssl_prefer_server_ciphers on;
access_log /var/log/nginx/foo-dev.domain.com.access.ssl.log;
# Reverse proxy access to foo hospitality service implementation at BC back-end
location /AppEndPoint {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_max_temp_file_size 0;
client_max_body_size 10m;
client_body_buffer_size 128k;
proxy_send_timeout 90;
proxy_read_timeout 90;
proxy_buffering off;
proxy_buffer_size 4k;
proxy_buffers 4 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;
proxy_pass http://foo-dev.domain.com:8080;
}
# Reverse proxy to access Glassfish Admin server
location /Glassfish {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_max_temp_file_size 0;
client_max_body_size 10m;
client_body_buffer_size 128k;
proxy_send_timeout 90;
proxy_read_timeout 90;
proxy_buffering off;
proxy_buffer_size 4k;
proxy_buffers 4 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;
proxy_pass http://127.0.0.1:4848;
}
# Reverse proxy access to all processed servers by both client and server component
location /messages {
alias /integration/archive/app-messages/;
autoindex on;
#auth_basic "Integration Team Login";
#auth_basic_user_file /integration/archive/app-messages/requests/.htpasswd;
}
}
}
/AppEndPoint位置块是正常工作的Glassfish应用程序服务器,只有/Glassfish位置块给我带来了麻烦。好的,谢谢您的编辑
尝试:
listen: 443 ssl;
顺便说一句,Mozilla提供了一个很好的配置帮助:
如果您将请求转发到位置/Glassfish
,则必须修剪请求url以删除/Glassfish
。归功于
顺便说一句,您的其他配置工作是在SSL上进行的吗?只有代理中的更改才会通过httphttps
location / {
proxy_pass https://localhost:4848;
#proxy_http_version 1.1;
#proxy_set_header Upgrade $http_upgrade;
#proxy_set_header Connection 'upgrade';
#proxy_set_header Host $host;
#proxy_cache_bypass $http_upgrade;
}
当启用/禁用安全管理时,端口4848上的模式发生更改,您可能会遇到http和https的配置问题。您需要发布nginx侦听配置以获取更多信息investigation@Dainesch添加的完整nginx configuration.SSL与配置的其余部分配合良好。将
ssl
添加到listen指令没有帮助。我不需要重新编写请求url(基于在nginx中使用其他产品的proxy_pass经验),但是如果我这样做,我会最后重写^/Glassfish(.*)$/$1代码>它正确地重定向到根html目录,并给我一个nginx“Welcometoblah”页面。如果我将其替换为rewrite^/Glassfish(.*)$/$1 break代码>我收到了最初发布的相同错误。更新proxypass alahttp://127.0.0.1:4848/
如@Jchieppa hi所述!我有完全相同的问题。你的解决方案是什么?帕亚拉也有同样的问题。有什么提示可以解决这个问题吗?