您的位置:首页 > 理论基础 > 计算机网络

tomcat与nginx的整合&nginx 配置https

2015-10-23 15:48 465 查看
一.安装Tomcat和jdk
 
1.安装jdk
# tar xvf jdk1.6.0_11.tar

# mv jdk1.6.0_11 /usr/local/
配置环境变量
# vim /etc/profile 添加
JAVA_HOME=/usr/local/jdk1.6.0_11

export JAVA_HOME

CLASSPATH=.:$JAVA_HOME/lib/tools.jar:$JAVA_HOME/lib/dt.jar

export CLASSPATH

PATH=$JAVA_HOME/bin:$PATH

export PATH

# sourse /etc/profile

# echo $JAVA_HOME

/usr/local/jdk1.6.0_11
 
2.安装tomcat
# tar zxvf apache-tomcat-6.0.29.tar.gz

# mv apache-tomcat-6.0.29 /usr/local/tomcat6
 
3.启动tomcat
# /usr/local/tomcat6/bin/startup.sh

Using CATALINA_BASE:   /usr/local/tomcat6

Using CATALINA_HOME:   /usr/local/tomcat6

Using CATALINA_TMPDIR: /usr/local/tomcat6/temp

Using JRE_HOME:       /usr/local/jdk1.6.0_11
# ps aux | grep tomcat

root     12717  0.5 12.3 220452 31588 pts/0    Sl   19:24   0:02 /usr/local/jdk1.6.0_11/bin/java -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Djava.util.logging.config.file=/usr/local/tomcat6/conf/logging.properties
-Djava.endorsed.dirs=/usr/local/tomcat6/endorsed -classpath :/usr/local/tomcat6/bin/bootstrap.jar -Dcatalina.base=/usr/local/tomcat6 -Dcatalina.home=/usr/local/tomcat6 -Djava.io.tmpdir=/usr/local/tomcat6/temp org.apache.catalina.startup.Bootstrap start

root     13187  0.0  0.2   5072   708 pts/0    R+   19:31   0:00 grep tomcat
启动成功!
 
4.访问测试
http://192.168.2.150:8080
会看到tomcat的主页
 
5.修改配置文件
# pwd

/usr/local/tomcat6/conf
# vim server.xml

 <Connector port="8080" protocol="HTTP/1.1"   端口设置
 <Host name="localhost"  appBase="webapps"    家目录,页面文件要放在webapps/ROOT下面
将家目录改成/www/web/

 <Host name="localhost"  appBase="/www/web"

# mkdir -p /www/web/ROOT

# vim /www/web/ROOT/index.jsp

Hello,tomcat home!
重启tomcat,再次访问
改变访问
改变家目录的访问默认文件

# vim web.xml

 <welcome-file-list>

        <welcome-file>index.html</welcome-file>

        <welcome-file>index.htm</welcome-file>

        <welcome-file>index.jsp</welcome-file>

  </welcome-file-list>
 
二.nginx安装配置
 
1.安装支持正则的pcre模块
# rpm -ivh  pcre-devel-6.6-2.el5_1.7.i386.rpm
 
2.安装nginx
# tar zxvf nginx-0.7.62.tar.gz

# cd nginx-0.7.62

# ./configure --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module

# make

# make install
 
3.启动nginx
# /usr/local/nginx/sbin/nginx
 
4.访问nginx(默认为80端口)
http://192.168.2.150
 
三.nginx与tomcat整合
 
1. 在/usr/local/nginx/conf下面添加文件proxy.conf
# cat /usr/local/nginx/confg/proxy.conf
proxy_redirect          off;

proxy_set_header        Host $host;

proxy_set_header        X-Real-IP $remote_addr; #获取真实IP

#proxy_set_header       X-Forwarded-For   $proxy_add_x_forwarded_for; #获取代理者的真实ip

client_max_body_size    10m;

client_body_buffer_size 128k;

proxy_connect_timeout   90;

proxy_send_timeout      90;

proxy_read_timeout      90;

proxy_buffer_size       4k;

proxy_buffers           4 32k;

proxy_busy_buffers_size 64k;

proxy_temp_file_write_size 64k;
 
2.配置nginx.conf
# cat /usr/local/nginx/confg/nginx.conf

user  www www;

worker_processes  1;

pid     /usr/local/nginx/logs/nginx.pid;
events {

    use epoll;

    worker_connections  1024;

}
http {

    include       mime.types;

    default_type  application/octet-stream;

    include     /usr/local/nginx/conf/proxy.conf;  #一定要指向代理文件
    sendfile        on;

    tcp_nopush      on;

    keepalive_timeout  65;
    server {

        listen       80;

        server_name  localhost;
        charset gb2312;
        location / {

             root /www/web/ROOT;

             index  index.html index.htm;

        }
        location ~ .*.jsp$ {     #匹配以jsp结尾的,tomcat的网页文件是以jsp结尾         

                index   index.jsp;

                proxy_pass      http://127.0.0.1:8080;
#主要在这里,设置一个代理

        }
        location /nginxstatus {

                stub_status on;

                access_log on;

                auth_basic "nginxstatus";

                auth_basic_user_file /usr/local/nagois/etc/htpasswd.users;

        }
        # redirect server error pages to the static page /50x.html

        error_page   500 502 503 504  /50x.html;

        location = /50x.html {

            root   html;

        }

    }

}
 
3.测试
在/www/web/ROOT下添加文件index.html
# cat index.html

the port:80
重启nginx
http://192.168.2.150
http://192.168.2.150:8080
http://192.168.2.150/index.jsp

nginx 配置https

同事测试一ssl加密接口,但是负责该接口的同事有事请假了没在,所以我就临时给配置了一个https服务,写了一个简单接口供同事使用,配置nginx的https记录一下:

一、生成私钥和证书

创建带密钥口令的私钥

root@mysqlmaster:/tmp# openssl genrsa -des3 -out ng.key 1024

Generating RSA private key, 1024 bit long modulus

........++++++

...........................................++++++

e is 65537 (0x10001)

Enter pass phrase for ng.key: 输入口令

Verifying - Enter pass phrase for ng.key: 确认口令

二、创建csr文件

root@mysqlmaster:/tmp# openssl req -new -key ng.key -out ng.csr

Enter pass phrase for ng.key:

You are about to be asked to enter information that will be incorporated

into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value,

If you enter '.', the field will be left blank.

-----

Country Name (2 letter code) [AU]:国家 如cn,hk

State or Province Name (full name) [Some-State]:州或省的名称 如Beijing

Locality Name (eg, city) []:什么地方级别,是城市还是乡镇

Organization Name (eg, company) [Internet Widgits Pty Ltd]:什么组织,如公司,政府

Organizational Unit Name (eg, section) []:组织单位名称

Common Name (eg, YOUR name) []:名字

Email Address []:邮件地址

Please enter the following 'extra' attributes 额外信息

to be sent with your certificate request

A challenge password []: 复杂密码

An optional company name []:

1,创建私钥(去除密钥口令)

openssl rsa -in ng.key -out server.key

输入口令

2,创建CA证书

openssl req -new -x509 -days 3650 -key server.key -out server.crt

You are about to be asked to enter information that will be incorporated

into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value,

If you enter '.', the field will be left blank.

-----

Country Name (2 letter code) [AU]:

State or Province Name (full name) [Some-State]:

Locality Name (eg, city) []:

Organization Name (eg, company) [Internet Widgits Pty Ltd]:

Organizational Unit Name (eg, section) []:

Common Name (eg, YOUR name) []:

Email Address []:

和上面的步骤差不多,根据提示输入证书的信息,国家,管理人邮件,姓名,城市等

三、修改nginx配置文件

root@mysqlmaster:/tmp# cp server.crt server.key /etc/nginx/

默认需要证书放到nginx/conf/目录,那么

vi /etc/nginx/nginx.conf

增加

server{

listen 443;

server_name localhost;

ssl on;

ssl_certificate server.crt; #证书

ssl_certificate_key server.key; #私钥

location / {

root html;

index index.html index.htm;

}

}

root@mysqlmaster:/tmp# service nginx restart

重启服务
#Nginx
内容来自用户分享和网络整理,不保证内容的准确性,如有侵权内容,可联系管理员处理 点击这里给我发消息
标签: 
相关文章推荐
新的分享
章节导航