zoukankan      html  css  js  c++  java
  • Nginx + Tomat https ssl 部署方案

    之前就玩过这个https的部署方案,挺简单的,但是好久没搞,又有点忘了,果然好记性不如烂笔头

    再重新温习一下....

    1,准备证书

    2,下载nginx

    3,准备tomcat

    4,配置nginx.conf,如示例

      1 #user  nobody;
      2 worker_processes  1;
      3 
      4 #error_log  logs/error.log;
      5 #error_log  logs/error.log  notice;
      6 #error_log  logs/error.log  info;
      7 
      8 #pid        logs/nginx.pid;
      9 
     10 
     11 events {
     12     worker_connections  1024;
     13 }
     14 
     15 
     16 http {
     17     include       mime.types;
     18     default_type  application/octet-stream;
     19 
     20     #log_format  main  '$remote_addr - $remote_user [$time_local] '$request' '
     21     #                  '$status $body_bytes_sent '$http_referer' '
     22     #                  ''$http_user_agent' '$http_x_forwarded_for'';
     23 
     24     #access_log  logs/access.log  main;
     25 
     26     sendfile        on;
     27     #tcp_nopush     on;
     28 
     29     #keepalive_timeout  0;
     30     keepalive_timeout  65;
     31     
     32     upstream xxyrpc {
     33         server 127.0.0.1:8007 ;
     34         #server 192.168.7.97:8080 ;
     35     }
     36     
     37     upstream xxyweb {
     38         server 127.0.0.1:8007 ;
     39         #server 127.0.0.1:8081 ;
     40     }
     41     
     42     ###############-------test--示例-------#####################################
     43     server {
     44         listen       80;
     45         server_name  xxy.jss.com.cn;
     46         # root       /usr/share/nginx/html;
     47         location / {
     48             rewrite ^(.*)$ https://$host$1 permanent;
     49         }
     50     }
     51     
     52     server {
     53         listen       443 ssl;                             #指定ssl监听端口
     54         server_name  xxy.jss.com.cn;                    #域名
     55         ssl on;                                           #开启ssl支持
     56         access_log logs/aisino_access55.log;                #访问日志
     57 
     58         ssl_certificate      E:/nginx-1.11.12/newkey/server.cer;      #指定服务器证书路徿
     59         ssl_certificate_key  E:/nginx-1.11.12/newkey/server.key;     #指定私钥证书路径
     60         
     61         #ssl_session_cache    shared:SSL:1m;
     62         #ssl_session_timeout  5m;                         #SSL会话超时闿分钟
     63         
     64         ssl_protocols SSLv2 SSLv3 TLSv1 TLSv1.1 TLSv1.2;  #指定SSL服务器端支持的协议版朿
     65         ssl_ciphers  ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;    #指定加密算法
     66         ssl_prefer_server_ciphers   on;                   #在使用SSLv3和TLS协议时指定服务器的加密算法要优先于客户端的加密算泿
     67         charset utf-8;
     68         
     69         error_page   500 502 503 504  /50x.html;
     70         location = /50x.html {
     71             root   html;
     72         }
     73         
     74         #兼容用户可能收藏的页面
     75         location = /pc.do {
     76             proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
     77             proxy_set_header Host $http_host;
     78             proxy_set_header X-Forwarded-Proto https;
     79             proxy_redirect off;
     80             proxy_connect_timeout      15s;
     81             proxy_send_timeout         15s;
     82             proxy_read_timeout         15s;
     83             proxy_pass   http://xxyrpc/xxy_rpc/pc.do;
     84             proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;
     85         }
     86         
     87         location = /app.do {
     88             proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
     89             proxy_set_header Host $http_host;
     90             proxy_set_header X-Forwarded-Proto https;
     91             proxy_redirect off;
     92             proxy_connect_timeout      15s;
     93             proxy_send_timeout         15s;
     94             proxy_read_timeout         15s;
     95             proxy_pass   http://xxyrpc/xxy_rpc/app.do;
     96             proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;
     97         }
     98         
     99         location = /nuoyan.do {
    100             proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    101             proxy_set_header Host $http_host;
    102             proxy_set_header X-Forwarded-Proto https;
    103             proxy_redirect off;
    104             proxy_connect_timeout      15s;
    105             proxy_send_timeout         15s;
    106             proxy_read_timeout         15s;
    107             proxy_pass   http://xxyrpc/xxy_rpc/nuoyan.do;
    108             proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;
    109         }
    110 
    111         location /xxy_rpc {
    112             proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    113             proxy_set_header Host $http_host;
    114             proxy_set_header X-Forwarded-Proto https;
    115             proxy_redirect off;
    116             proxy_connect_timeout      15s;
    117             proxy_send_timeout         15s;
    118             proxy_read_timeout         15s;
    119             proxy_pass   http://xxyrpc/xxy_rpc;
    120             proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;
    121         }
    122         
    123         location / {
    124             proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    125             proxy_set_header Host $http_host;
    126             proxy_set_header X-Forwarded-Proto https;
    127             proxy_redirect off;
    128             proxy_connect_timeout      15s;
    129             proxy_send_timeout         15s;
    130             proxy_read_timeout         15s;
    131             proxy_pass   http://xxyweb/xxy_web;
    132             proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;
    133             access_log logs/aisino_access2.log; 
    134         }
    135         
    136         #兼容用户可能收藏的页面
    137         location = /welcome.do {
    138             proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    139             proxy_set_header Host $http_host;
    140             proxy_set_header X-Forwarded-Proto https;
    141             proxy_redirect off;
    142             proxy_connect_timeout      15s;
    143             proxy_send_timeout         15s;
    144             proxy_read_timeout         15s;
    145             proxy_pass   http://xxyweb/xxy_web/welcome.do;
    146             proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;
    147             access_log logs/aisino_access2.log; 
    148         }
    149         
    150         
    151         location = /main/query.do {
    152             proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    153             proxy_set_header Host $http_host;
    154             proxy_set_header X-Forwarded-Proto https;
    155             proxy_redirect off;
    156             proxy_connect_timeout      15s;
    157             proxy_send_timeout         15s;
    158             proxy_read_timeout         15s;
    159             proxy_pass   http://xxyweb/xxy_web/main/query.do;
    160             proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;
    161             access_log logs/aisino_access2.log; 
    162         }
    163         
    164         location /xxy_web {
    165             proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    166             proxy_set_header Host $http_host;
    167             proxy_set_header X-Forwarded-Proto https;
    168             proxy_redirect off;
    169             proxy_connect_timeout      60s;
    170             proxy_send_timeout         60s;
    171             proxy_read_timeout         60s;
    172             proxy_pass   http://xxyrpc/xxy_web;
    173             proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;
    174         }
    175     }
    176     
    177     ###############-------test--示例-------#####################################
    178     
    179 }

    5,修改tomcat下server.xml配置

    Host 节点下增加一行(nginx 代理https后,应用redirect https变成http,即https请求,tomcat 输出的确实http 问题):

    <Valve className="org.apache.catalina.valves.RemoteIpValve" protocolHeader="X-Forwarded-Proto" protocolHeaderHttpsValue="https" remoteIpHeader="X-Forwarded-For"/>

     1 <Host appBase="webapps" autoDeploy="true" name="localhost" unpackWARs="true">
     2 
     3         <!-- SingleSignOn valve, share authentication between web applications
     4              Documentation at: /docs/config/valve.html -->
     5         <!--
     6         <Valve className="org.apache.catalina.authenticator.SingleSignOn" />
     7         -->
     8         <Valve className="org.apache.catalina.valves.RemoteIpValve" protocolHeader="X-Forwarded-Proto" protocolHeaderHttpsValue="https" remoteIpHeader="X-Forwarded-For"/>
     9         <!-- Access log processes all example.
    10              Documentation at: /docs/config/valve.html
    11              Note: The pattern used is equivalent to using pattern="common" -->
    12         <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs" pattern="%h %l %u %t &quot;%r&quot; %s %b" prefix="localhost_access_log." suffix=".txt"/>
    13 
    14       <!--<Context path="/images" docBase="E:/workspace/out/artifacts/images" debug="0" reloadable="true"/>-->
    15  </Host>

    6,部署项目,start nginx ,输入域名访问。

  • 相关阅读:
    MongoDB Shell
    mongo 日记
    java 堆栈 静态
    面向对象(2)
    面向对象(1)
    mongo 学习笔记
    深入浅出学Spring Data JPA
    java记录
    mongodb 2.6 window 安装启动服务
    CF1012F Passports
  • 原文地址:https://www.cnblogs.com/xiexy/p/9376172.html
Copyright © 2011-2022 走看看