Using nginx as a TLS/SSL reverse proxy for Spring Boot (embedded Tomcat)


The environment is OS X Yosemite 10.10.1, nginx 1.7.9, and Spring Boot 1.2.0.

I wanted the Spring Boot side to obtain the IP address of the client that accessed nginx.

Preparation

Install openssl with Homebrew, create a server certificate, build nginx, and get an HTTPS server running.

nginx 1.7.9 on OS X Yosemite 10.10.1
https://hirooka.pro/?p=7695

Creating a server certificate with a self-signed certificate authority (own CA) on OS X Yosemite 10.10.1
https://hirooka.pro/?p=7699

nginx: [warn] nginx was built without OpenSSL ALPN or NPN support, SPDY is not enabled for 0.0.0.0:443 in /usr/local/nginx/conf/nginx.conf
https://hirooka.pro/?p=7707

SPDY 3.1 with nginx 1.5.10
https://hirooka.pro/?p=5194

nginx side

http {

    ...

    upstream tomcat_server {
        server 127.0.0.1:8080;
    }

    ...

    server {
        listen       443 ssl spdy;

        ....

        location /hello {
            proxy_set_header X-Forwarded-Proto https;
            proxy_redirect   off;
            proxy_set_header Host               $host;
            # Appends $remote_addr to whatever X-Forwarded-For the client sent
            proxy_set_header X-Forwarded-For    $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Host   $host;
            proxy_set_header X-Forwarded-Server $host;
            # Replaces any client-supplied X-Real-IP with the address of the peer connected to nginx
            proxy_set_header X-Real-IP          $remote_addr;
            proxy_pass http://tomcat_server;
        }

        ....
    }
}

Spring Boot (embedded Tomcat) side

For example:

package pro.hirooka.spring_boot_and_nginx;

import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestHeader;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

@Configuration
@ComponentScan
@EnableAutoConfiguration
public class Application {
    public static void main(String[] args){
        SpringApplication.run(Application.class, args);
    }
}

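@RestController
class GreetingController {

    // Both headers are required by default: a request without them is rejected with 400.
    @RequestMapping("/hello/{name}")
    String hello(
            @RequestHeader(value="Host") String host,
            @RequestHeader(value="X-Real-IP") String realIp, // set by nginx from $remote_addr
            @PathVariable String name) {

        // Separators added so the three values are readable in the response
        return "Hello, " + name + "! " + "Host: " + host + ", X-Real-IP: " + realIp;
    }
}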
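
The controller above takes X-Real-IP at face value, which is only sound when every request reaches Tomcat through nginx. As an added example (not code from the original post), the resolver below honours the forwarded headers only when the TCP peer is the trusted proxy; the class name, the trusted-proxy set and the sample addresses are assumptions, and in a controller `peerAddr` would come from `HttpServletRequest.getRemoteAddr()`.

```java
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;

// Added example: ClientIpResolver and TRUSTED_PROXIES are hypothetical names.
public class ClientIpResolver {

    // Assumption: nginx runs on the same host, as in upstream 127.0.0.1:8080.
    static final Set<String> TRUSTED_PROXIES =
            new HashSet<>(Arrays.asList("127.0.0.1", "::1", "0:0:0:0:0:0:0:1"));

    static String resolve(String peerAddr, String xRealIp, String xForwardedFor) {
        // Request did not come through nginx: both headers are client-controlled.
        if (!TRUSTED_PROXIES.contains(peerAddr)) {
            return peerAddr;
        }
        // nginx overwrites X-Real-IP with $remote_addr, so it is reliable here.
        if (xRealIp != null && !xRealIp.trim().isEmpty()) {
            return xRealIp.trim();
        }
        // $proxy_add_x_forwarded_for appends to the client's own value, so only
        // the right-most entries are trustworthy: walk from the right.
        if (xForwardedFor != null) {
            String[] hops = xForwardedFor.split(",");
            for (int i = hops.length - 1; i >= 0; i--) {
                String hop = hops[i].trim();
                if (!hop.isEmpty() && !TRUSTED_PROXIES.contains(hop)) {
                    return hop;
                }
            }
        }
        return peerAddr;
    }

    public static void main(String[] args) {
        // Constructed sample values (documentation address ranges).
        // Via nginx; the client forged the first X-Forwarded-For entry.
        System.out.println(resolve("127.0.0.1", "203.0.113.7", "10.9.9.9, 203.0.113.7"));
        // Direct hit on port 8080 with a forged X-Real-IP: header ignored.
        System.out.println(resolve("198.51.100.9", "10.0.0.1", null));
        // Via nginx without X-Real-IP: right-most untrusted hop is used.
        System.out.println(resolve("127.0.0.1", null, "10.9.9.9, 203.0.113.7"));
    }
}
```

Binding the embedded Tomcat to the loopback interface, so that port 8080 cannot be reached except through nginx, removes the direct-connection case entirely.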
