2015-10-05

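Unable to access the Glassfish4 admin console through an nginx location and proxy

Folks, we have a Java application running under Glassfish4. I would like to disable direct access to the Glassfish admin server by closing 4848 at the firewall level and accessing it through a location directive in nginx (while also offloading SSL to nginx).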

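With asadmin enable-secure-admin turned on, I can reach the admin server at https://foo.domain.com:4848 and administer it normally.

However, when I disable secure admin via asadmin disable-secure-admin, with the following location block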

    # Reverse proxy to access Glassfish Admin server
    location /Glassfish {
        proxy_set_header    Host $host;
        proxy_set_header    X-Real-IP $remote_addr;
        proxy_set_header    X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header    X-Forwarded-Proto $scheme;
        proxy_max_temp_file_size  0;
        client_max_body_size   10m;
        client_body_buffer_size  128k;
        proxy_send_timeout    90;
        proxy_read_timeout    90;
        proxy_buffering    off;
        proxy_buffer_size    4k;
        proxy_buffers     4 32k;
        proxy_busy_buffers_size  64k;
        proxy_temp_file_write_size  64k;
        proxy_pass       http://127.0.0.1:4848;
    }

and access it a la https://foo.domain.com/Glassfish with secure admin disabled, I get a blank page, and the only reference I can find in nginx's error log is

2015/10/05 09:13:57 [error] 29429#0: *157 open() "/usr/share/nginx/html/resource/community-theme/images/login-product_name_open.png" failed (2: No such file or directory), client: 104.17.0.4, server: foo.domain.com, request: "GET /resource/community-theme/images/login-product_name_open.png HTTP/1.1", host: "foo.domain.com", referrer: "https://foo.domain.com/Glassfish" 

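Reading the documentation and around the web, I also see:

Secure admin must be enabled to access the DAS remotely

Is what I'm trying to do simply not possible?

Edit: as requested below, here is the full nginx config.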

http { 
    log_format main '$remote_addr - $remote_user [$time_local] "$request" ' 
         '$status $body_bytes_sent "$http_referer" ' 
         '"$http_user_agent" "$http_x_forwarded_for"'; 

    access_log /var/log/nginx/access.log main; 

    #sendfile   off; 
    tcp_nopush   on; 
    tcp_nodelay   off; 
    #keepalive_timeout 65; 
    types_hash_max_size 2048; 

    # Default HTTP server on 80 port 
    server { 
     listen  192.168.1.10:80 default_server; 
     #listen  [::]:80 default_server; 
     server_name foo-dev.domain.com; 
     return 301 https://$host$request_uri; 
    } 

    # Default HTTPS server on 443 port 
    server { 
     listen 443; 
     server_name foo-dev.domain.com; 
     ssl_certificate   /etc/ssl/certs/foo-dev.domain.com.crt; 
     ssl_certificate_key  /etc/ssl/certs/foo-dev.domain.com.key; 

     ssl on; 
     ssl_session_cache builtin:1000 shared:SSL:10m; 
     ssl_protocols TLSv1 TLSv1.1 TLSv1.2; 
     ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4; 
     ssl_prefer_server_ciphers on; 

     access_log   /var/log/nginx/foo-dev.domain.com.access.ssl.log; 
     # Reverse proxy access to foo hospitality service implementation at BC back-end 
     location /AppEndPoint { 
      proxy_set_header    Host $host; 
      proxy_set_header    X-Real-IP $remote_addr; 
      proxy_set_header    X-Forwarded-For $proxy_add_x_forwarded_for; 
      proxy_set_header    X-Forwarded-Proto $scheme; 
      proxy_max_temp_file_size  0; 
      client_max_body_size   10m; 
      client_body_buffer_size  128k; 
      proxy_send_timeout    90; 
      proxy_read_timeout    90; 
      proxy_buffering    off; 
      proxy_buffer_size    4k; 
      proxy_buffers     4 32k; 
      proxy_busy_buffers_size  64k; 
      proxy_temp_file_write_size  64k; 
      proxy_pass       http://foo-dev.domain.com:8080; 
     } 

     # Reverse proxy to access Glassfish Admin server
     location /Glassfish {
      proxy_set_header    Host $host;
      proxy_set_header    X-Real-IP $remote_addr;
      proxy_set_header    X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header    X-Forwarded-Proto $scheme;
      proxy_max_temp_file_size  0;
      client_max_body_size   10m;
      client_body_buffer_size  128k;
      proxy_send_timeout    90;
      proxy_read_timeout    90;
      proxy_buffering    off;
      proxy_buffer_size    4k;
      proxy_buffers     4 32k;
      proxy_busy_buffers_size  64k;
      proxy_temp_file_write_size  64k;
      proxy_pass       http://127.0.0.1:4848;
     }

     # Reverse proxy access to all processed servers by both client and server component 
     location /messages { 
      alias /integration/archive/app-messages/; 
      autoindex on; 
      #auth_basic "Integration Team Login"; 
      #auth_basic_user_file /integration/archive/app-messages/requests/.htpasswd; 

     } 
    } 
} 

The /AppEndPoint location block works fine with the Glassfish application server; it's just the /Glassfish location block that's giving me trouble.


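You probably have an HTTP vs. HTTPS configuration problem, because the scheme on port 4848 changes when secure admin is enabled/disabled. You will need to post your nginx listen configuration for further investigation – Dainesch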


@Dainesch Added the full nginx config. – Jchieppa

Answers


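OK, thanks for your edit.

Try:

    listen 443 ssl;

BTW, a good configuration helper is provided by Mozilla: SSL Generator

Also, if you forward requests for location /Glassfish, you will have to trim the request URL to remove /Glassfish. Credits: Rewrite

By the way, does the rest of your config work over SSL?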


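SSL works fine with the rest of the configuration. Adding 'ssl' to the listen directive did not help. I shouldn't have to do a request URL rewrite (based on experience with proxy_pass for other products in nginx), but if I do, a la 'rewrite ^/Glassfish(.*)$ /$1 last;', it properly redirects to the root html directory, giving me nginx's "welcome to blah blah" page. If I replace it with 'rewrite ^/Glassfish(.*)$ /$1 break;' I get the same error originally posted. Updating the proxy_pass a la 'http://127.0.0.1:4848/' as outlined [here](http://serverfault.com/a/725433/182600) doesn't help either. – Jchieppa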


@Jchieppa Hi! I have exactly the same problem. What was your solution? – seinecle
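
The error-log line in the question shows the console's image being requested at /resource/..., outside the /Glassfish prefix, so nginx looked for it in its own document root instead of proxying it. The following is an added example (not code from the question or its answers) that scans nginx error-log lines for that pattern; the location list is taken from the posted config, and the second log line is constructed.

```python
import re
from urllib.parse import urlsplit

# Prefix locations defined in the nginx config posted in the question.
LOCATIONS = ("/AppEndPoint", "/Glassfish", "/messages")

# nginx error-log entry for a static file that could not be opened.
OPEN_FAILED = re.compile(
    r'open\(\) "[^"]+" failed \(2: No such file or directory\)'
    r'.*?request: "[A-Z]+ (?P<uri>\S+) [^"]*"'
    r'.*?referrer: "(?P<referrer>[^"]+)"'
)

# First entry: the line from the question. Second entry: constructed for contrast.
SAMPLE_LOG = [
    '2015/10/05 09:13:57 [error] 29429#0: *157 open() "/usr/share/nginx/html'
    '/resource/community-theme/images/login-product_name_open.png" failed '
    '(2: No such file or directory), client: 104.17.0.4, server: foo.domain.com, '
    'request: "GET /resource/community-theme/images/login-product_name_open.png '
    'HTTP/1.1", host: "foo.domain.com", referrer: "https://foo.domain.com/Glassfish"',
    '2015/10/05 09:14:02 [error] 29429#0: *158 open() "/integration/archive'
    '/app-messages//missing.xml" failed (2: No such file or directory), '
    'client: 192.0.2.10, server: foo.domain.com, request: "GET /messages/missing.xml '
    'HTTP/1.1", host: "foo.domain.com", referrer: "https://foo.domain.com/messages/"',
]


def matched_location(path):
    """Return the longest configured prefix location matching path, or None."""
    hits = [loc for loc in LOCATIONS if path.startswith(loc)]
    return max(hits, key=len) if hits else None


def escaped_requests(log_lines):
    """List (referring location, request path) pairs where the referring page
    came from a prefix location but the request itself matched none of them,
    so nginx tried its local document root instead of proxying."""
    findings = []
    for line in log_lines:
        m = OPEN_FAILED.search(line)
        if m is None:
            continue
        ref_location = matched_location(urlsplit(m["referrer"]).path)
        request_path = urlsplit(m["uri"]).path
        if ref_location and matched_location(request_path) is None:
            findings.append((ref_location, request_path))
    return findings


if __name__ == "__main__":
    for location, path in escaped_requests(SAMPLE_LOG):
        print(f"{path} was requested by a page under {location} but is outside it")
```

A finding for /Glassfish means the console's pages reference assets by absolute path, so a rewrite inside that location, which only sees requests that already start with /Glassfish, never gets to handle them.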
