部署https网站 Tomcat的配置和nginx的配置
2018-01-23 00:00
411 查看
当然首先你的去相关的证书网站申请到证书,有了证书才有下面的配置:
下面是tomcat的配置:
以下为nginx的配置:
下面是tomcat的配置:
<?xml version='1.0' encoding='utf-8'?> <Server port="8025" shutdown="SHUTDOWN"> <Listener className="org.apache.catalina.startup.VersionLoggerListener" /> <Listener className="org.apache.catalina.core.JasperListener" /> <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" /> <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" /> <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" / <GlobalNamingResources> <Resource name="UserDatabase" auth="Container" type="org.apache.catalina.UserDatabase" description="User database that can be updated and saved" factory="org.apache.catalina.users.MemoryUserDatabaseFactory" pathname="conf/tomcat-users.xml" /> </GlobalNamingResources> <Service name="Catalina"> <Connector port="8099" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="8443"/> <!-- 以下为配置https的关键配置,如果想让https转发的时候不带端口,以下的port应该配置成443,就像http的80端口一样,443是https默认的端口,keystoreFile为存放证书的位置,keystorePass为证书密码,SSLProtocol和ciphers就按照我下面写的配置即可--> <Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol" SSLEnabled="true" scheme="https" secure="true" keystoreFile="/usr/local/tomcat/conf/cert/214279123300707.pfx" keystorePass="214274345347" clientAuth="false" SSLProtocol="TLSv1+TLSv1.1+TLSv1.2" ciphers="TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA256"/> <Connector port="8029" protocol="AJP/1.3" redirectPort="8443" /> <Engine name="Catalina" defaultHost="localhost"> <Realm className="org.apache.catalina.realm.LockOutRealm"> <Realm className="org.apache.catalina.realm.UserDatabaseRealm" resourceName="UserDatabase"/> </Realm> <Host name="localhost" appBase="webapps" unpackWARs="true" autoDeploy="true"> <Context path="/decoration-service" docBase="/opt/apache-tomcat-7.0.82/webapps/decoration-service.war" /> <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs" prefix="localhost_access_log." suffix=".txt" pattern="%h %l %u %t "%r" %s %b" /> </Host> </Engine> </Service> </Server>
以下为nginx的配置:
#user nobody; worker_processes 1; #error_log logs/error.log; #error_log logs/error.log notice; #error_log logs/error.log info; #pid logs/nginx.pid; events { worker_connections 1024; } http { include mime.types; default_type application/octet-stream; #log_format main '$remote_addr - $remote_user [$time_local] "$request" ' # '$status $body_bytes_sent "$http_referer" ' # '"$http_user_agent" "$http_x_forwarded_for"'; #access_log logs/access.log main; sendfile on; #tcp_nopush on; #keepalive_timeout 0; keepalive_timeout 65; #gzip on; server { listen 80; server_name xxx.xxx.com; #charset koi8-r; #access_log logs/host.access.log main; root /; location / { proxy_pass http://127.0.0.1:8080/; proxy_redirect http://localhost:8080 http://xxx.xxx.com/; proxy_set_header Host $host:80; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Via "nginx"; } #error_page 404 /404.html; # redirect server error pages to the static page /50x.html # error_page 500 502 503 504 /50x.html; location = /50x.html { root html; } # proxy the PHP scripts to Apache listening on 127.0.0.1:80 # #location ~ \.php$ { # proxy_pass http://127.0.0.1; #} # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000 # #location ~ \.php$ { # root html; # fastcgi_pass 127.0.0.1:9000; # fastcgi_index index.php; # fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name; # include fastcgi_params; #} # deny access to .htaccess files, if Apache's document root # concurs with nginx's one # #location ~ /\.ht { # deny all; #} } # another virtual host using mix of IP-, name-, and port-based configuration # #server { # listen 8000; # listen somename:8080; # server_name somename alias another.alias; # location / { # root html; # index index.html index.htm; # } #} # HTTPS server #以下为nginx配置的主要代码 server { listen 8443 ssl; server_name xxx.xxx.com; ssl_certificate /usr/local/nginx/ssl/214279123300707.pem; ssl_certificate_key /usr/local/nginx/ssl/214279123300707.key; ssl_session_cache shared:SSL:1m; ssl_session_timeout 5m; ssl_ciphers HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on; root /; location / { root html; index index.html index.htm; proxy_pass http://localhost:8099; proxy_redirect http://localhost:8443 https://xxx.xxx.com; proxy_set_header Host $host:8443; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Via "nginx"; } } }
相关文章推荐
- Nginx配置SSL证书部署HTTPS网站
- Nginx配置SSL证书部署HTTPS网站
- Nginx配置SSL证书部署HTTPS网站
- Nginx配置SSL证书部署HTTPS网站
- Nginx配置SSL证书部署HTTPS网站
- Nginx配置SSL证书部署HTTPS网站
- Nginx配置SSL证书部署https网站
- Nginx配置SSL证书部署HTTPS网站(颁发证书)
- Nginx配置SSL证书部署HTTPS网站
- Nginx配置SSL证书部署HTTPS网站
- Nginx配置SSL证书部署HTTPS网站
- Nginx配置SSL证书部署HTTPS网站的方法(颁发证书)
- Nginx配置SSL证书部署HTTPS网站
- Nginx配置SSL证书部署HTTPS网站
- Nginx配置SSL证书部署HTTPS网站
- Nginx配置SSL证书部署HTTPS网站
- Nginx配置SSL证书部署HTTPS网站
- 给tomcat部署的网站配置https
- Nginx配置SSL证书部署HTTPS网站
- Nginx配置SSL证书部署HTTPS网站