The approach described in this article is to have nginx forward port 443 to Tomcat port 8443, and nginx port 80 to Tomcat port 8080.
Aside: my tag: caicongyang
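You can refer to my earlier article: Installing Nginx on Linux from a tar package; http://blog.csdn.net/caicongyang/article/details/46388845
However, in that article we compiled nginx without the SSL module, so it has to be compiled and installed again.
The SSL module option must be included at install time.
The complete command is as follows: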
#./configure --with-http_ssl_module
#./configure --help
# cd /opt/nginx/sslkey/
# openssl genrsa -des3 -out server.key 1024
# openssl req -new -key server.key -out server.csr
# cp server.key server.key.org
# openssl rsa -in server.key.org -out server.key
# openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
<Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol"
           maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS"
           keystoreFile="${user.home}/.keystore" keystorePass="123456"/>
#keytool -v -genkey -alias tomcat -keyalg RSA -keystore .keystore -validity 36500
Of course, you can also specify a directory:
#keytool -v -genkey -alias tomcat -keyalg RSA -keystore /opt/tomcat/sslkey/server.keystore -validity 36500
Of course, you can also configure the project's web.xml so that an important module is forced to use https while the other modules use http as normal.
web.xml
<security-constraint>
    <web-resource-collection>
        <web-resource-name>services</web-resource-name>
        <url-pattern>/login/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>
#user  nobody;
worker_processes  1;

#error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;

#pid        logs/nginx.pid;

events {
    worker_connections  1024;
}

http {
    include       mime.types;
    default_type  application/octet-stream;

    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
    #                  '$status $body_bytes_sent "$http_referer" '
    #                  '"$http_user_agent" "$http_x_forwarded_for"';

    #access_log  logs/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    #keepalive_timeout  0;
    keepalive_timeout  65;

    gzip  on;

    upstream tomcat8080 {
        server localhost:8080 weight=10;
    }

    upstream tomcat8443 {
        server localhost:8443 weight=10;
    }

    server {
        listen       80;
        server_name  localhost;

        #charset koi8-r;

        #access_log  logs/host.access.log  main;

        location / {
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_pass http://tomcat8080;
        }

        #error_page  404              /404.html;

        # redirect server error pages to the static page /50x.html
        #
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }

        # proxy the PHP scripts to Apache listening on 127.0.0.1:80
        #
        #location ~ \.php$ {
        #    proxy_pass   http://127.0.0.1;
        #}

        # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
        #
        #location ~ \.php$ {
        #    root           html;
        #    fastcgi_pass   127.0.0.1:9000;
        #    fastcgi_index  index.php;
        #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
        #    include        fastcgi_params;
        #}

        # deny access to .htaccess files, if Apache's document root
        # concurs with nginx's one
        #
        #location ~ /\.ht {
        #    deny  all;
        #}
    }

    # another virtual host using mix of IP-, name-, and port-based configuration
    #
    #server {
    #    listen       8000;
    #    listen       somename:8080;
    #    server_name  somename  alias  another.alias;

    #    location / {
    #        root   html;
    #        index  index.html index.htm;
    #    }
    #}

    # HTTPS server
    server {
        listen       443;
        server_name  localhost;

        ssl                  on;
        ssl_certificate      /opt/nginx/sslkey/server.crt;
        ssl_certificate_key  /opt/nginx/sslkey/server.key;

        ssl_session_timeout  5m;

        ssl_protocols  SSLv2 SSLv3 TLSv1;
        ssl_ciphers  HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers   on;

        location / {
            proxy_pass https://tomcat8443;
            proxy_set_header Host $host:443;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
    }
}
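
A hardened variant of the HTTPS server block above, as an added example that is not part of the original article. It assumes nginx 1.13.0 or later built with OpenSSL 1.1.1 or later, a regenerated key of at least 2048 bits at the article's paths, and a hypothetical file /opt/nginx/sslkey/tomcat.crt holding the certificate exported from the Tomcat keystore with CN "localhost".

```nginx
# Added example: replaces the "HTTPS server" block inside http { } above.
server {
    # "listen ... ssl" replaces "ssl on;", which is deprecated since
    # nginx 1.15.0 and removed in 1.25.1.
    listen       443 ssl;
    server_name  localhost;

    # Same paths as the article. Assumption: the key was regenerated with
    # "openssl genrsa -out server.key 2048" and the certificate re-issued,
    # because many current OpenSSL builds reject RSA keys under 2048 bits.
    ssl_certificate      /opt/nginx/sslkey/server.crt;
    ssl_certificate_key  /opt/nginx/sslkey/server.key;

    ssl_session_timeout  5m;

    # SSLv2 and SSLv3 are broken (DROWN, POODLE) and TLSv1 is deprecated
    # by RFC 8996, so only TLS 1.2 and 1.3 are offered.
    ssl_protocols  TLSv1.2 TLSv1.3;
    # Forward-secret AEAD suites only, in place of HIGH:!aNULL:!MD5.
    ssl_ciphers    ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
    ssl_prefer_server_ciphers  on;

    location / {
        proxy_pass https://tomcat8443;

        # Verify Tomcat's certificate instead of accepting any peer on 8443.
        # Assumptions: tomcat.crt is a hypothetical path for the certificate
        # exported from the Tomcat keystore, and its CN is "localhost".
        proxy_ssl_verify               on;
        proxy_ssl_trusted_certificate  /opt/nginx/sslkey/tomcat.crt;
        proxy_ssl_name                 localhost;

        proxy_set_header Host $host:443;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # Tells the application whether the client connection used HTTPS.
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

After editing, `nginx -t` validates the configuration before a reload.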
A programmer who doesn't understand operations is not a good engineer!
My personal site: http://www.caicongyang.com
My CSDN blog: http://blog.csdn.net/caicongyang