Nginx + Tomcat https ssl 部署方案

以前就玩過這個https的部署方案,挺簡單的,可是很久沒搞,又有點忘了,果真好記性不如爛筆頭。

再重新溫習一下……

 

1,準備證書

2,下載nginx

3,準備tomcat

4,配置nginx.conf,如示例

 1 #user nobody;  2 worker_processes  1;  3 
 4 #error_log  logs/error.log;  5 #error_log  logs/error.log notice;  6 #error_log  logs/error.log info;  7 
 8 #pid        logs/nginx.pid;  9 
 11 events {  12     worker_connections  1024;  13 }  14 
 16 http {  17  include mime.types;  18     default_type  application/octet-stream;  19 
 20     #log_format  main  '$remote_addr - $remote_user [$time_local] '$request' '
 21     #                  '$status $body_bytes_sent '$http_referer' '
 22     #                  ''$http_user_agent' '$http_x_forwarded_for'';  23 
 24     #access_log  logs/access.log main;  25 
 26  sendfile on;  27  #tcp_nopush on;  28 
 29     #keepalive_timeout  0;  30     keepalive_timeout  65;  31     
 32  upstream xxyrpc {  33         server 127.0.0.1:8007 ;  34         #server 192.168.7.97:8080 ;  35  }  36     
 37  upstream xxyweb {  38         server 127.0.0.1:8007 ;  39         #server 127.0.0.1:8081 ;  40  }  41     
 42     ###############-------test--示例-------#####################################  43  server {  44         listen       80;  45  server_name xxy.jss.com.cn;  46         # root       /usr/share/nginx/html;  47         location / {  48             rewrite ^(.*)$ https://$host$1 permanent;
 49  }  50  }  51     
 52  server {  53         listen       443 ssl; #指定ssl監聽端口  54  server_name xxy.jss.com.cn; #域名  55  ssl on; #開啓ssl支持  56         access_log logs/aisino_access55.log; #訪問日誌  57 
 58         ssl_certificate      E:/nginx-1.11.12/newkey/server.cer; #指定服務器證書路徿  59         ssl_certificate_key  E:/nginx-1.11.12/newkey/server.key; #指定私鑰證書路徑  60         
 61  #ssl_session_cache shared:SSL:1m;  62  #ssl_session_timeout 5m; #SSL會話超時闓分鐘  63         
 64         ssl_protocols SSLv2 SSLv3 TLSv1 TLSv1.1 TLSv1.2; #指定SSL服務器端支持的協議版朿  65         ssl_ciphers  ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP; #指定加密算法  66  ssl_prefer_server_ciphers on; #在使用SSLv3和TLS協議時指定服務器的加密算法要優先於客戶端的加密算泿  67         charset utf-8;  68         
 69         error_page   500 502 503 504  /50x.html;  70         location = /50x.html {  71  root html;  72  }  73         
 74  #兼容用戶可能收藏的頁面  75         location = /pc.do {  76             proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;  77  proxy_set_header Host $http_host;  78             proxy_set_header X-Forwarded-Proto https;  79  proxy_redirect off;  80  proxy_connect_timeout 15s;  81  proxy_send_timeout 15s;  82  proxy_read_timeout 15s;  83             proxy_pass   http://xxyrpc/xxy_rpc/pc.do;
 84  proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;  85  }  86         
 87         location = /app.do {  88             proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;  89  proxy_set_header Host $http_host;  90             proxy_set_header X-Forwarded-Proto https;  91  proxy_redirect off;  92  proxy_connect_timeout 15s;  93  proxy_send_timeout 15s;  94  proxy_read_timeout 15s;  95             proxy_pass   http://xxyrpc/xxy_rpc/app.do;
 96  proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;  97  }  98         
 99         location = /nuoyan.do { 100             proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 101  proxy_set_header Host $http_host; 102             proxy_set_header X-Forwarded-Proto https; 103  proxy_redirect off; 104  proxy_connect_timeout 15s; 105  proxy_send_timeout 15s; 106  proxy_read_timeout 15s; 107             proxy_pass   http://xxyrpc/xxy_rpc/nuoyan.do;
108  proxy_next_upstream error timeout invalid_header http_500 http_502 http_503; 109  } 110 
111         location /xxy_rpc { 112             proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 113  proxy_set_header Host $http_host; 114             proxy_set_header X-Forwarded-Proto https; 115  proxy_redirect off; 116  proxy_connect_timeout 15s; 117  proxy_send_timeout 15s; 118  proxy_read_timeout 15s; 119             proxy_pass   http://xxyrpc/xxy_rpc;
120  proxy_next_upstream error timeout invalid_header http_500 http_502 http_503; 121  } 122         
123         location / { 124             proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 125  proxy_set_header Host $http_host; 126             proxy_set_header X-Forwarded-Proto https; 127  proxy_redirect off; 128  proxy_connect_timeout 15s; 129  proxy_send_timeout 15s; 130  proxy_read_timeout 15s; 131             proxy_pass   http://xxyweb/xxy_web;
132  proxy_next_upstream error timeout invalid_header http_500 http_502 http_503; 133             access_log logs/aisino_access2.log; 134  } 135         
136  #兼容用戶可能收藏的頁面 137         location = /welcome.do { 138             proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 139  proxy_set_header Host $http_host; 140             proxy_set_header X-Forwarded-Proto https; 141  proxy_redirect off; 142  proxy_connect_timeout 15s; 143  proxy_send_timeout 15s; 144  proxy_read_timeout 15s; 145             proxy_pass   http://xxyweb/xxy_web/welcome.do;
146  proxy_next_upstream error timeout invalid_header http_500 http_502 http_503; 147             access_log logs/aisino_access2.log; 148  } 149         
150         
151         location = /main/query.do { 152             proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 153  proxy_set_header Host $http_host; 154             proxy_set_header X-Forwarded-Proto https; 155  proxy_redirect off; 156  proxy_connect_timeout 15s; 157  proxy_send_timeout 15s; 158  proxy_read_timeout 15s; 159             proxy_pass   http://xxyweb/xxy_web/main/query.do;
160  proxy_next_upstream error timeout invalid_header http_500 http_502 http_503; 161             access_log logs/aisino_access2.log; 162  } 163         
164         location /xxy_web { 165             proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 166  proxy_set_header Host $http_host; 167             proxy_set_header X-Forwarded-Proto https; 168  proxy_redirect off; 169  proxy_connect_timeout 60s; 170  proxy_send_timeout 60s; 171  proxy_read_timeout 60s; 172             proxy_pass   http://xxyrpc/xxy_web;
173  proxy_next_upstream error timeout invalid_header http_500 http_502 http_503; 174  } 175  } 176     
177     ###############-------test--示例-------##################################### 178     
179 }

5,修改tomcat下的server.xml配置

Host 節點下增加一行(nginx 代理https後,應用redirect時https變成http,即https請求,tomcat 輸出的卻是http 的問題):

<Valve className="org.apache.catalina.valves.RemoteIpValve" protocolHeader="X-Forwarded-Proto" protocolHeaderHttpsValue="https" remoteIpHeader="X-Forwarded-For"/>

 1 <Host appBase="webapps" autoDeploy="true" name="localhost" unpackWARs="true">
 2 
 3         <!-- SingleSignOn valve, share authentication between web applications  4              Documentation at: /docs/config/valve.html -->
 5         <!--
 6         <Valve className="org.apache.catalina.authenticator.SingleSignOn" />
 7         -->
 8         <Valve className="org.apache.catalina.valves.RemoteIpValve" protocolHeader="X-Forwarded-Proto" protocolHeaderHttpsValue="https" remoteIpHeader="X-Forwarded-For"/>
 9         <!-- Access log processes all example. 10              Documentation at: /docs/config/valve.html 11              Note: The pattern used is equivalent to using pattern="common" -->
12         <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs" pattern="%h %l %u %t &quot;%r&quot; %s %b" prefix="localhost_access_log." suffix=".txt"/>
13 
14       <!--<Context path="/images" docBase="E:/workspace/out/artifacts/images" debug="0" reloadable="true"/>-->
15  </Host>

6,部署項目,start nginx,輸入域名訪問。
