无法通过nginx位置和代理权限访问Glassfish4管理控制台

各位

我们有一个在Glassfish4下运行的java应用程序。我想通过在防火墙级别关闭4848并通过nginx中的location指令访问它来禁用对Glassfish管理服务器的直接访问（同时将SSL卸载到nginx）

启用

asadmin enable secure admin

后，我可以通过进入管理服务器并正常管理它

但是，当我通过asadmin禁用安全管理时，请禁用安全管理并使用以下位置块进行访问

    # Reverse proxy to access Glassfish Admin server
    location /Glassfish {
    proxy_set_header               Host $host;
      proxy_set_header               X-Real-IP $remote_addr;
      proxy_set_header               X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header               X-Forwarded-Proto $scheme;
      proxy_max_temp_file_size      0;
      client_max_body_size           10m;
      client_body_buffer_size        128k;
      proxy_send_timeout             90;
      proxy_read_timeout             90;
      proxy_buffering                off;
      proxy_buffer_size              4k;
      proxy_buffers                  4 32k;
      proxy_busy_buffers_size        64k;
      proxy_temp_file_write_size     64k;
      proxy_pass                            http://127.0.0.1:4848;
    }

我得到一个空白屏幕，在nginx错误日志中我能找到的唯一参考是

2015/10/05 09:13:57 [error] 29429#0: *157 open() "/usr/share/nginx/html/resource/community-theme/images/login-product_name_open.png" failed (2: No such file or directory), client: 104.17.0.4, server: foo.domain.com, request: "GET /resource/community-theme/images/login-product_name_open.png HTTP/1.1", host: "foo.domain.com", referrer: "https://foo.domain.com/Glassfish"

在网上阅读文档时，我确实看到：

必须启用安全管理员才能远程访问DAS

我想做的事根本不可能吗

编辑：以下是完整的nginx配置

http {
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log /var/log/nginx/access.log  main;

    #sendfile            off;
    tcp_nopush          on;
    tcp_nodelay         off;
    #keepalive_timeout   65;
    types_hash_max_size 2048;

    # Default HTTP server on 80 port
    server {
        listen       192.168.1.10:80 default_server;
        #listen       [::]:80 default_server;
        server_name  foo-dev.domain.com;
        return 301 https://$host$request_uri;
    }

    # Default HTTPS server on 443 port
    server {
      listen 443;
      server_name foo-dev.domain.com;
      ssl_certificate           /etc/ssl/certs/foo-dev.domain.com.crt;
      ssl_certificate_key       /etc/ssl/certs/foo-dev.domain.com.key;

      ssl on;
      ssl_session_cache  builtin:1000  shared:SSL:10m;
      ssl_protocols  TLSv1 TLSv1.1 TLSv1.2;
      ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
      ssl_prefer_server_ciphers on;

      access_log            /var/log/nginx/foo-dev.domain.com.access.ssl.log;
        # Reverse proxy access to foo hospitality service implementation at BC back-end
        location /AppEndPoint {
          proxy_set_header               Host $host;
          proxy_set_header               X-Real-IP $remote_addr;
          proxy_set_header               X-Forwarded-For $proxy_add_x_forwarded_for;
          proxy_set_header               X-Forwarded-Proto $scheme;
          proxy_max_temp_file_size      0;
          client_max_body_size           10m;
          client_body_buffer_size        128k;
          proxy_send_timeout             90;
          proxy_read_timeout             90;
          proxy_buffering                off;
          proxy_buffer_size              4k;
          proxy_buffers                  4 32k;
          proxy_busy_buffers_size        64k;
          proxy_temp_file_write_size     64k;
          proxy_pass                            http://foo-dev.domain.com:8080;
        }

        # Reverse proxy to access Glassfish Admin server
         location /Glassfish {
        proxy_set_header               Host $host;
      proxy_set_header               X-Real-IP $remote_addr;
      proxy_set_header               X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header               X-Forwarded-Proto $scheme;
      proxy_max_temp_file_size      0;
      client_max_body_size           10m;
      client_body_buffer_size        128k;
      proxy_send_timeout             90;
      proxy_read_timeout             90;
      proxy_buffering                off;
      proxy_buffer_size              4k;
      proxy_buffers                  4 32k;
      proxy_busy_buffers_size        64k;
      proxy_temp_file_write_size     64k;
      proxy_pass                            http://127.0.0.1:4848;
    }

        # Reverse proxy access to all processed servers by both client and server component
        location /messages {
          alias /integration/archive/app-messages/;
          autoindex on;
          #auth_basic "Integration Team Login";
          #auth_basic_user_file /integration/archive/app-messages/requests/.htpasswd;

        }
   }
}

/AppEndPoint位置块是正常工作的Glassfish应用程序服务器，只有/Glassfish位置块给我带来了麻烦。

好的，谢谢您的编辑

尝试：

listen: 443 ssl;

顺便说一句，Mozilla提供了一个很好的配置帮助：

如果您将请求转发到

位置/Glassfish

，则必须修剪请求url以删除

/Glassfish

。归功于

---

顺便说一句，您的其他配置工作是在SSL上进行的吗？

只有代理中的更改才会通过httphttps

location / {
proxy_pass https://localhost:4848;
#proxy_http_version 1.1;
#proxy_set_header Upgrade $http_upgrade;
#proxy_set_header Connection 'upgrade';
#proxy_set_header Host $host;
#proxy_cache_bypass $http_upgrade;
}

---

当启用/禁用安全管理时，端口4848上的模式发生更改，您可能会遇到http和https的配置问题。您需要发布nginx侦听配置以获取更多信息investigation@Dainesch添加的完整nginx configuration.SSL与配置的其余部分配合良好。将

ssl

添加到listen指令没有帮助。我不需要重新编写请求url（基于在nginx中使用其他产品的proxy_pass经验），但是如果我这样做，我会最后重写^/Glassfish（.*）$/$1它正确地重定向到根html目录，并给我一个nginx“Welcometoblah”页面。如果我将其替换为

rewrite^/Glassfish（.*）$/$1 break我收到了最初发布的相同错误。更新proxypass ala
http://127.0.0.1:4848/
如@Jchieppa hi所述！我有完全相同的问题。你的解决方案是什么？帕亚拉也有同样的问题。有什么提示可以解决这个问题吗？