  • nginx + tomcat配置https的两种方法

    # The first method:

    — Nginx and Tomcat using HTTPS:

    1. nginx configuration:

         upstream test {

            server 172.16.7.30:8443 weight=1;

         }

         upstream master {

            server 172.16.7.31:8443 weight=1;

         }

    server {

             listen 80;

             server_name test.hbc315.com master.hbc315.com;

             rewrite ^(.*)$ https://$host$1 permanent;              # Used together ports 80 and 443; Redirect request port from 80 to 443

         }

         server {

             listen 443 ssl;

             server_name test.mysite.com master.mysite.com;

    ssl                   on; 

             ssl_certificate       server.pem; 

             ssl_certificate_key   server.key; 

             ssl_session_timeout   5m; 

             ssl_protocols   TLSv1 TLSv1.1 TLSv1.2;

             #ssl_ciphers   HIGH:!RC4:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!EXP:+MEDIUM; 

             ssl_ciphers  ALL:!ADH:!EXPORT56:-RC4+RSA:+HIGH:+MEDIUM:!EXP;

             ssl_prefer_server_ciphers    on;

             location / { 

                     set $domain "";

                     if ($http_host ~* "^(test)" ) {set $domain "test";}

                     if ($http_host ~* "^(master)" ) {set $domain "master";}

                     proxy_pass  https://$domain;

                     proxy_http_version  1.1;

                     proxy_set_header  Connection "";

                     proxy_redirect           off;

                     proxy_set_header         Host $host;

                     proxy_set_header         X-Real-IP $remote_addr;

                     proxy_set_header         X-Forwarded-For $proxy_add_x_forwarded_for;

       #proxy_set_header     X-Forwarded--Proto https;

                     client_max_body_size     500m;

                     client_body_buffer_size  1m;

                     proxy_connect_timeout    600;

                     proxy_send_timeout       600;

                     proxy_read_timeout       600;

                     proxy_buffer_size        400k;

                     proxy_buffers            4 1m;

                     proxy_busy_buffers_size  2m;

                     proxy_temp_file_write_size  1m;

             }

         }

    2. tomcat configuration:

    1) Execute the following command:

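    # keytool -genkey -alias tomcat -keyalg RSA -keystore /root/tomcat/conf/ssl.keystore       # Generate a self-signed key pair and certificate in the keystore (keytool's default validity is 90 days; pass -validity to change it)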

    Enter keystore password:  

    Re-enter new password: 

    What is your first and last name?

         [Unknown]:  192.16.7.30 # domain or IP of this Tomcat host (note: the nginx upstream above uses 172.16.7.30)

    What is the name of your organizational unit?

         [Unknown]:  hbc

    What is the name of your organization?

         [Unknown]:  hbc

    What is the name of your City or Locality?

         [Unknown]:  bj

    What is the name of your State or Province?

         [Unknown]:  bj

    What is the two-letter country code for this unit?

         [Unknown]:  cn # two-letter country code; "cn" is China

    Is CN=192.16.7.30, OU=hbc, O=hbc, L=bj, ST=bj, C=cn correct?

         [no]:  y

    Enter key password for <tomcat>

    (RETURN if same as keystore password):  

    Re-enter new password:

    2) Configure server.xml:

         <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"

                    maxThreads="150"

    SSLEnabled="true"

    scheme="https"

    secure="true"

                    clientAuth="false" sslProtocol="TLS" 

            keystoreFile="/root/tomcat/conf/ssl.keystore"

            keystorePass="tomcat" /> # The above steps to set the password

    =========================================

    # The second method:

    — Nginx using HTTPS; Nginx with Tomcat interaction using HTTP

    1. nginx configuration:

         upstream test {

            server 172.16.7.30:8080 weight=1; # Here is different from above

         }

         upstream master {

            server 172.16.7.31:8080 weight=1; # Here is different from above

         }

    server {

             listen 80;

             server_name test.hbc315.com master.hbc315.com;

             rewrite ^(.*)$ https://$host$1 permanent;              # Used together ports 80 and 443; Redirect request port from 80 to 443

         }

         server {

             listen 443 ssl;

             server_name test.mysite.com master.mysite.com;

    ssl                   on; 

             ssl_certificate       server.pem; 

             ssl_certificate_key   server.key; 

             ssl_session_timeout   5m; 

             ssl_protocols   TLSv1 TLSv1.1 TLSv1.2;

             #ssl_ciphers   HIGH:!RC4:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!EXP:+MEDIUM; 

             ssl_ciphers  ALL:!ADH:!EXPORT56:-RC4+RSA:+HIGH:+MEDIUM:!EXP;

             ssl_prefer_server_ciphers    on;

             location / { 

                     set $domain "";

                     if ($http_host ~* "^(test)" ) {set $domain "test";}

                     if ($http_host ~* "^(master)" ) {set $domain "master";}

                     proxy_pass  http://$domain;               # Here is different from above

                     proxy_http_version  1.1;

                     proxy_set_header  Connection "";

                     proxy_redirect           off;

                     proxy_set_header         Host $host;

                     proxy_set_header         X-Real-IP $remote_addr;

                     proxy_set_header         X-Forwarded-For $proxy_add_x_forwarded_for;

       proxy_set_header     X-Forwarded--Proto https;               # Here is different from above

                     client_max_body_size     500m;

                     client_body_buffer_size  1m;

                     proxy_connect_timeout    600;

                     proxy_send_timeout       600;

                     proxy_read_timeout       600;

                     proxy_buffer_size        400k;

                     proxy_buffers            4 1m;

                     proxy_busy_buffers_size  2m;

                     proxy_temp_file_write_size  1m;

             }

         }

    2. tomcat configuration:

    Edit server.xml (starting from the default configuration file):

    1) Set the proxy port on the HTTP connector:

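    <!-- Plain-HTTP connector that nginx proxies to.
         redirectPort is changed from the default 8443 to 443, and proxyPort="443" is added
         so that Tomcat reports the public HTTPS port of the nginx front end.
         The explanatory notes live in this comment because "#" text between attributes
         is not valid XML and stops server.xml from parsing.
         NOTE(review): this port accepts unencrypted traffic and forwarded headers; it should
         be reachable only from the nginx host (firewall rule or the connector's address attribute). -->
    <Connector port="8080" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="443"
               proxyPort="443"/>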

    2) Add the following Valve inside the <Host> element:

    <!-- RemoteIpValve replaces the request's remote address and scheme with the values
         carried in the named headers when the connection comes from a proxy it trusts.
         The proxy must send the protocol header spelled exactly X-Forwarded-Proto.
         NOTE(review): which peers count as trusted is governed by the valve's
         internalProxies setting, left at its default here; confirm it covers only nginx. -->
    <Valve
        className="org.apache.catalina.valves.RemoteIpValve"
        remoteIpHeader="x-forwarded-for"
        remoteIpProxiesHeader="x-forwarded-by"
        protocolHeader="x-forwarded-proto" />

  • 原文地址:https://www.cnblogs.com/telwanggs/p/14977391.html