Two ways to configure HTTPS for nginx + Tomcat

# The first method:

— Nginx and Tomcat using HTTPS:

1. nginx configuration:

    upstream test {
        server 172.16.7.30:8443 weight=1;
    }

    upstream master {
        server 172.16.7.31:8443 weight=1;
    }

    server {
        listen 80;
        server_name test.hbc315.com master.hbc315.com;

        # Ports 80 and 443 are used together: redirect every request on port 80 to HTTPS on 443
        rewrite ^(.*)$ https://$host$1 permanent;
    }

    server {
        # The "ssl" parameter of listen enables TLS; the deprecated "ssl on;" directive is not needed
        listen 443 ssl;
        server_name test.mysite.com master.mysite.com;

        ssl_certificate      server.pem;
        ssl_certificate_key  server.key;
        ssl_session_timeout  5m;

        # TLSv1 and TLSv1.1 are deprecated (RFC 8996); TLSv1.3 needs nginx 1.13.0+ built with OpenSSL 1.1.1+
        ssl_protocols  TLSv1.2 TLSv1.3;

        # HIGH-only list; the broader "ALL:..." string below can admit weak and anonymous suites
        ssl_ciphers  HIGH:!RC4:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!EXP:+MEDIUM;
        #ssl_ciphers ALL:!ADH:!EXPORT56:-RC4+RSA:+HIGH:+MEDIUM:!EXP;
        ssl_prefer_server_ciphers   on;

        location / {
            # Pick the upstream group from the requested host name
            set $domain "";
            if ($http_host ~* "^(test)" ) {set $domain "test";}
            if ($http_host ~* "^(master)" ) {set $domain "master";}

            proxy_pass https://$domain;

            proxy_http_version 1.1;
            proxy_set_header Connection "";
            proxy_redirect          off;

            proxy_set_header        Host $host;
            proxy_set_header        X-Real-IP $remote_addr;
            proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
            #proxy_set_header   X-Forwarded-Proto https;

            client_max_body_size    500m;
            client_body_buffer_size 1m;

            proxy_connect_timeout   600;
            proxy_send_timeout      600;
            proxy_read_timeout      600;

            proxy_buffer_size       400k;
            proxy_buffers           4 1m;
            proxy_busy_buffers_size 2m;
            proxy_temp_file_write_size 1m;
        }
    }

2. tomcat configuration:

1) Execute the following command:

    # keytool -genkey -alias tomcat -keyalg RSA -keystore /root/tomcat/conf/ssl.keystore       # Generate the key pair and self-signed certificate
    Enter keystore password:
    Re-enter new password:
    What is your first and last name?
    [Unknown]:  192.16.7.30 # domain or IP
    What is the name of your organizational unit?
    [Unknown]:  hbc
    What is the name of your organization?
    [Unknown]:  hbc
    What is the name of your City or Locality?
    [Unknown]:  bj
    What is the name of your State or Province?
    [Unknown]:  bj
    What is the two-letter country code for this unit?
    [Unknown]:  cn # Country code for China
    Is CN=192.16.7.30, OU=hbc, O=hbc, L=bj, ST=bj, C=cn correct?
    [no]:  y
    Enter key password for <tomcat>
    (RETURN if same as keystore password):
    Re-enter new password:

2) Configure server.xml:

    <!-- keystorePass is the keystore password set in the step above -->
    <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
               maxThreads="150"
               SSLEnabled="true"
               scheme="https"
               secure="true"
               clientAuth="false" sslProtocol="TLS"
               keystoreFile="/root/tomcat/conf/ssl.keystore"
               keystorePass="tomcat" />
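
Method 1 encrypts the nginx-to-Tomcat hop, but nginx does not check the upstream certificate unless told to (`proxy_ssl_verify` is off by default), so the self-signed keystore certificate generated above is accepted unverified. The following is an added example, not part of the original post, showing the same location block with upstream verification enabled; the bundle path and the `*.internal.example` names are assumptions, and each Tomcat certificate would need a matching SAN (for instance via keytool's `-ext SAN=dns:test.internal.example`).

```nginx
# Added example, not from the original post. The bundle path and the
# *.internal.example names are assumptions for illustration.
location / {
    set $domain "";
    if ($http_host ~* "^(test)")   { set $domain "test"; }
    if ($http_host ~* "^(master)") { set $domain "master"; }

    proxy_pass https://$domain;

    # Off by default. Without it nginx completes the TLS handshake with
    # whatever certificate the upstream presents.
    proxy_ssl_verify              on;

    # PEM bundle holding the certificate from each Tomcat keystore, exported with:
    #   keytool -exportcert -rfc -alias tomcat \
    #           -keystore /root/tomcat/conf/ssl.keystore -file tomcat.pem
    proxy_ssl_trusted_certificate /etc/nginx/tomcat-backends.pem;

    # Name matched against the upstream certificate. The default is
    # $proxy_host, the host part of proxy_pass.
    proxy_ssl_name                $domain.internal.example;
    proxy_ssl_server_name         on;    # also send that name as SNI

    # Keep the internal hop on current protocol versions
    proxy_ssl_protocols           TLSv1.2 TLSv1.3;

    proxy_http_version 1.1;
    proxy_set_header   Connection "";
    proxy_set_header   Host $host;
    proxy_set_header   X-Real-IP $remote_addr;
    proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
}
```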

=========================================

# The second method:

— Nginx using HTTPS; Nginx with Tomcat interaction using HTTP

1. nginx configuration:

    upstream test {
        server 172.16.7.30:8080 weight=1;   # differs from method 1: plain HTTP port
    }

    upstream master {
        server 172.16.7.31:8080 weight=1;   # differs from method 1: plain HTTP port
    }

    server {
        listen 80;
        server_name test.hbc315.com master.hbc315.com;

        # Ports 80 and 443 are used together: redirect every request on port 80 to HTTPS on 443
        rewrite ^(.*)$ https://$host$1 permanent;
    }

    server {
        # The "ssl" parameter of listen enables TLS; the deprecated "ssl on;" directive is not needed
        listen 443 ssl;
        server_name test.mysite.com master.mysite.com;

        ssl_certificate      server.pem;
        ssl_certificate_key  server.key;
        ssl_session_timeout  5m;

        # TLSv1 and TLSv1.1 are deprecated (RFC 8996); TLSv1.3 needs nginx 1.13.0+ built with OpenSSL 1.1.1+
        ssl_protocols  TLSv1.2 TLSv1.3;

        # HIGH-only list; the broader "ALL:..." string below can admit weak and anonymous suites
        ssl_ciphers  HIGH:!RC4:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!EXP:+MEDIUM;
        #ssl_ciphers ALL:!ADH:!EXPORT56:-RC4+RSA:+HIGH:+MEDIUM:!EXP;
        ssl_prefer_server_ciphers   on;

        location / {
            # Pick the upstream group from the requested host name
            set $domain "";
            if ($http_host ~* "^(test)" ) {set $domain "test";}
            if ($http_host ~* "^(master)" ) {set $domain "master";}

            proxy_pass http://$domain;               # differs from method 1: HTTP to Tomcat

            proxy_http_version 1.1;
            proxy_set_header Connection "";
            proxy_redirect          off;

            proxy_set_header        Host $host;
            proxy_set_header        X-Real-IP $remote_addr;
            proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
            # Differs from method 1: tells Tomcat the client used HTTPS.
            # The header name must match protocolHeader in the RemoteIpValve below.
            proxy_set_header        X-Forwarded-Proto https;

            client_max_body_size    500m;
            client_body_buffer_size 1m;

            proxy_connect_timeout   600;
            proxy_send_timeout      600;
            proxy_read_timeout      600;

            proxy_buffer_size       400k;
            proxy_buffers           4 1m;
            proxy_busy_buffers_size 2m;
            proxy_temp_file_write_size 1m;
        }
    }

2. tomcat configuration:

Configure the server.xml file (starting from the default configuration file):

1) Add port proxy forwarding:

    <!-- redirectPort is changed from 8443 to 443, and the proxyPort="443" parameter is added -->
    <Connector port="8080" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="443"
               proxyPort="443"/>

2) Add the following Valve inside the <Host> element:

    <Valve className="org.apache.catalina.valves.RemoteIpValve"
           remoteIpHeader="x-forwarded-for"
           remoteIpProxiesHeader="x-forwarded-by"
           protocolHeader="x-forwarded-proto"/>

Time: 2024-12-28 18:30:21
