Folk,无法通过nginx位置和代理服务器访问Glassfish4管理控制台
我们有一个在Glassfish4下运行的Java应用程序。我想通过在防火墙级关闭4848并通过nginx中的位置指令访问它(同时将SSL卸载到nginx)来禁用对Glassfish管理服务器的直接访问。
与asadmin enable-secure-admin
打开我可以通过https://foo.domain.com:4848进入管理服务器和管理通常它。
然而,当我通过asadmin disable-secure-admin
与以下位置块
# Reverse proxy to access Glassfish Admin server
location /Glassfish {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_max_temp_file_size 0;
client_max_body_size 10m;
client_body_buffer_size 128k;
proxy_send_timeout 90;
proxy_read_timeout 90;
proxy_buffering off;
proxy_buffer_size 4k;
proxy_buffers 4 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;
proxy_pass http://127.0.0.1:4848;
}
ALA https://foo.domain.com/Glassfish我得到了一个空白页面访问禁用安全管理员,我可以在nginx的错误日志找到的唯一参考是
2015/10/05 09:13:57 [error] 29429#0: *157 open() "/usr/share/nginx/html/resource/community-theme/images/login-product_name_open.png" failed (2: No such file or directory), client: 104.17.0.4, server: foo.domain.com, request: "GET /resource/community-theme/images/login-product_name_open.png HTTP/1.1", host: "foo.domain.com", referrer: "https://foo.domain.com/Glassfish"
阅读文档和在网上我也看到:
必须启用安全管理员才能远程访问DAS
我试图做什么简直不可能?
编辑:如下要求是全面nginx的配置。
http {
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
#sendfile off;
tcp_nopush on;
tcp_nodelay off;
#keepalive_timeout 65;
types_hash_max_size 2048;
# Default HTTP server on 80 port
server {
listen 192.168.1.10:80 default_server;
#listen [::]:80 default_server;
server_name foo-dev.domain.com;
return 301 https://$host$request_uri;
}
# Default HTTPS server on 443 port
server {
listen 443;
server_name foo-dev.domain.com;
ssl_certificate /etc/ssl/certs/foo-dev.domain.com.crt;
ssl_certificate_key /etc/ssl/certs/foo-dev.domain.com.key;
ssl on;
ssl_session_cache builtin:1000 shared:SSL:10m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
ssl_prefer_server_ciphers on;
access_log /var/log/nginx/foo-dev.domain.com.access.ssl.log;
# Reverse proxy access to foo hospitality service implementation at BC back-end
location /AppEndPoint {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_max_temp_file_size 0;
client_max_body_size 10m;
client_body_buffer_size 128k;
proxy_send_timeout 90;
proxy_read_timeout 90;
proxy_buffering off;
proxy_buffer_size 4k;
proxy_buffers 4 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;
proxy_pass http://foo-dev.domain.com:8080;
}
# Reverse proxy to access Glassfish Admin server
location /Glassfish {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_max_temp_file_size 0;
client_max_body_size 10m;
client_body_buffer_size 128k;
proxy_send_timeout 90;
proxy_read_timeout 90;
proxy_buffering off;
proxy_buffer_size 4k;
proxy_buffers 4 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;
proxy_pass http://127.0.0.1:4848;
}
# Reverse proxy access to all processed servers by both client and server component
location /messages {
alias /integration/archive/app-messages/;
autoindex on;
#auth_basic "Integration Team Login";
#auth_basic_user_file /integration/archive/app-messages/requests/.htpasswd;
}
}
}
的/ AppEndPoint所在地块是正常运行的GlassFish应用服务器,它只是多数民众赞成给我麻烦/ Glassfish的位置块。
你可能有HTTP和HTTPS的配置问题,因为在端口4848的模式改变时,启用/禁用安全管理。 您需要发布您的nginx听的配置作进一步调查 – Dainesch
@Dainesch添加了完整的nginx的配置。 – Jchieppa