
Configuring HTTPS on Nginx and Tomcat

2018-06-17 18:58

Configuring HTTPS on Nginx and Tomcat

  Prerequisite: you already hold a certificate issued by a CA, together with the private key it was requested with.

  I. Merge the certificate chain

  1. Assume the certificate files are the following

  The private key file server.key, and the certificates CACertificate-INTERMEDIATE-1.crt (the intermediate CA), CACertificate-ROOT-2.crt (the root CA) and ServerCertificate.crt (the server certificate itself).

  2. Concatenate the certificates with cat. Order matters: nginx treats the first certificate in the file as the server certificate and the rest as the chain it sends to clients, so the intermediate is appended after ServerCertificate.crt, never before it. Appending the root is harmless but unnecessary (a client has to trust the root already, so sending it only adds bytes to every handshake). The append is not idempotent: run it once, or build a fresh chain file instead.

cd /application/nginx/ssl
# server certificate first, then the intermediate that signed it (run once only; every run appends another copy)
cat CACertificate-INTERMEDIATE-1.crt >> ServerCertificate.crt
# optional: the root CA (clients must already trust it)
cat CACertificate-ROOT-2.crt >> ServerCertificate.crt

  II. The nginx reverse proxy with the certificate

  /application/nginx/conf/vhost/oil_price_applet.conf

upstream oilprice.test {
    server    localhost:8443;          # the Tomcat HTTPS connector from section III
}
server {
    listen       443 ssl;              # "ssl on;" is deprecated since nginx 1.15.0; enable TLS on the listen socket instead
    server_name  oilprice.test.com;
    root   /www/html/oil_price_applet;
    access_log  logs/access.log  main;
    ssl_certificate      /application/nginx/ssl/ServerCertificate.crt;   # server certificate followed by the intermediate, as concatenated in section I
    ssl_certificate_key  /application/nginx/ssl/server.key;             # readable only by the user nginx starts as
    ssl_session_timeout  5m;

    location / {
        root   /www/html/oil_price_applet;
        index  index.html index.htm index.php;      # ignored for proxied requests; proxy_pass takes over this location
        proxy_pass  https://oilprice.test;          # TLS to Tomcat, but nginx does NOT verify Tomcat's certificate unless proxy_ssl_verify is on
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header REMOTE-HOST $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        client_max_body_size 1000m;
        client_body_buffer_size 1024k;
        proxy_connect_timeout 90;
        proxy_send_timeout 90;
        proxy_read_timeout 90;
        proxy_buffer_size 1024k;
        proxy_buffers 4 1024k;
        proxy_busy_buffers_size 1024k;
        proxy_temp_file_write_size 1024k;
        proxy_max_temp_file_size 128m;
    }
    location ~ \.php5?$ {               # the original "~.*\.(php|php5)?$" made the extension optional, so URIs ending in a bare dot were also sent to php-fpm
        root   /www/html/oil_price_applet;
        fastcgi_pass  127.0.0.1:9000;
        fastcgi_index  index.php;
        include  fastcgi.conf;
    }
}
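The vhost above enables TLS but leaves the protocol versions, session cache and the nginx-to-Tomcat hop at nginx defaults, which means nginx accepts any certificate Tomcat presents. The following is an added example (not from the original post) of the same server block with those settings pinned down; the paths and names are the post's own, and the trusted-certificate path assumes the root CA file from section I is the one that issued Tomcat's certificate. The PHP location and the buffer settings are unchanged from the original and not repeated here.

```nginx
upstream oilprice.test {
    server localhost:8443;
}

server {
    listen      443 ssl;                 # replaces the deprecated "ssl on;"
    server_name oilprice.test.com;
    root        /www/html/oil_price_applet;
    access_log  logs/access.log main;

    ssl_certificate     /application/nginx/ssl/ServerCertificate.crt;   # leaf first, then intermediate
    ssl_certificate_key /application/nginx/ssl/server.key;
    ssl_protocols       TLSv1.2 TLSv1.3;   # default still offers TLS 1.0/1.1 on older builds
    ssl_prefer_server_ciphers on;
    ssl_session_timeout 5m;
    ssl_session_cache   shared:SSL:10m;    # resumption without it re-runs the full handshake
    add_header Strict-Transport-Security "max-age=31536000" always;

    location / {
        proxy_pass https://oilprice.test;

        # Authenticate the Tomcat hop. Without these four lines nginx completes the
        # TLS handshake with whatever certificate the upstream offers.
        proxy_ssl_verify              on;
        proxy_ssl_verify_depth        2;   # root -> intermediate -> leaf
        proxy_ssl_trusted_certificate /application/nginx/ssl/CACertificate-ROOT-2.crt;  # assumption: issuer of Tomcat's cert
        proxy_ssl_name                oilprice.test.com;   # name to check in Tomcat's certificate
        proxy_ssl_server_name         on;                   # send SNI so Tomcat picks the right cert

        proxy_set_header Host            $host;
        proxy_set_header X-Real-IP       $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;   # lets Tomcat build correct redirect URLs
    }
}
```

Run `nginx -t` after editing; a wrong key or a chain whose first certificate is not the server certificate is rejected at this point with a "key values mismatch" error rather than at request time.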

  III. Configuring HTTPS on Tomcat: generating the keystore

  Note: keep track of the password you set. The same value is used as the PKCS#12 export password, the keystore password and the Tomcat keystorePass below; the value shown here is only the post's sample, choose your own.

  1. Convert the X.509 certificate and key to a PKCS#12 file

# ServerCertificate.crt already contains the chain from section I, so the
# intermediate is bundled too. -name becomes the alias keytool will see;
# you are prompted for the export password.
openssl pkcs12 -export -in ServerCertificate.crt -inkey server.key \
    -out server.p12 -name some-alias

  2. Convert the PKCS#12 file into a Java keystore

# -srcstorepass is the export password chosen in step 1. Tomcat can load a
# PKCS#12 keystore directly (keystoreType="PKCS12"), so this step is optional.
# PKCS#12 files written by OpenSSL 3 use AES-256-CBC/PBKDF2 by default; if an
# older keytool rejects the file, re-export it with "openssl pkcs12 -export -legacy".
keytool -importkeystore \
    -deststorepass Ctb+wZs1 -destkeypass Ctb+wZs1 -destkeystore server.keystore \
    -srckeystore server.p12 -srcstoretype PKCS12 -srcstorepass Ctb+wZs1 \
    -alias some-alias

  3. Configure Tomcat

<!-- In conf/server.xml: the HTTPS connector nginx proxies to. keystorePass must
     equal the -deststorepass/-destkeypass used above (with a different -destkeypass,
     add keyPass="..."). To use server.p12 directly, set keystoreFile to it and add
     keystoreType="PKCS12". sslProtocol="TLS" lets the JVM pick the versions; restrict
     them with sslEnabledProtocols="TLSv1.2,TLSv1.3" on a JVM that supports both. -->
<Connector port="8443"
           protocol="org.apache.coyote.http11.Http11NioProtocol"
           SSLEnabled="true"
           scheme="https"
           secure="true"
           keystoreFile="/application/nginx/ssl/server.keystore"
           keystorePass="Ctb+wZs1"
           sslProtocol="TLS"
           URIEncoding="utf-8" />

  4. Restart Tomcat for the change to take effect.
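The two places where this procedure silently goes wrong are the order of the concatenated chain (section I) and the PKCS#12 bundle losing the intermediate (section III, step 1). The script below is an added example, not part of the original post or of nginx or Tomcat: it builds a throwaway root, intermediate and server certificate with the post's file names (constructed test material, not a real CA), then runs the checks a practitioner would do before pointing nginx or keytool at the files: count the certificates in the chain, confirm the first certificate is the server's and matches server.key, validate the chain against the root, and confirm the chain survives the PKCS#12 export. It assumes a POSIX shell and the openssl CLI; the password and scratch directory are placeholders.

```shell
#!/bin/sh
# Added example: throwaway PKI plus the chain/keystore checks for sections I and III.
# Assumptions: POSIX sh and the openssl CLI. Nothing here is real CA material.
set -eu

WORK=$(mktemp -d)                      # scratch directory (assumption)
P12_PASS=${P12_PASS:-change-me}        # stand-in for the post's keystore password
cd "$WORK"

# Constructed test PKI with the post's file names: root -> intermediate -> server cert.
gen_chain() {
    printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > ca.ext
    printf 'basicConstraints=CA:FALSE\nsubjectAltName=DNS:oilprice.test.com\nextendedKeyUsage=serverAuth\n' > leaf.ext
    openssl req -new -newkey rsa:2048 -nodes -sha256 -subj "/CN=Test Root" \
        -keyout root.key -out root.csr >/dev/null 2>&1
    openssl x509 -req -in root.csr -signkey root.key -days 2 -sha256 -extfile ca.ext \
        -out CACertificate-ROOT-2.crt >/dev/null 2>&1
    openssl req -new -newkey rsa:2048 -nodes -sha256 -subj "/CN=Test Intermediate" \
        -keyout intermediate.key -out intermediate.csr >/dev/null 2>&1
    openssl x509 -req -in intermediate.csr -CA CACertificate-ROOT-2.crt -CAkey root.key \
        -CAcreateserial -days 2 -sha256 -extfile ca.ext \
        -out CACertificate-INTERMEDIATE-1.crt >/dev/null 2>&1
    openssl req -new -newkey rsa:2048 -nodes -sha256 -subj "/CN=oilprice.test.com" \
        -keyout server.key -out server.csr >/dev/null 2>&1
    openssl x509 -req -in server.csr -CA CACertificate-INTERMEDIATE-1.crt -CAkey intermediate.key \
        -CAcreateserial -days 2 -sha256 -extfile leaf.ext \
        -out ServerCertificate.crt >/dev/null 2>&1
}

# Section I: the file nginx serves is the server certificate first, then the
# intermediate. The root is left out because clients must already trust it.
build_chain() {
    cat ServerCertificate.crt CACertificate-INTERMEDIATE-1.crt > "$1"
}

# Number of PEM certificates in a file.
cert_count() {
    grep -c 'BEGIN CERTIFICATE' "$1"
}

# True if the FIRST certificate in $1 has CN=$2 (nginx uses the first one as the server cert).
first_cert_cn_is() {
    openssl x509 -in "$1" -noout -subject -nameopt RFC2253 | grep -q "CN=$2"
}

# True if the public key of the first certificate in $1 matches private key $2.
# This is the check nginx performs at startup ("key values mismatch" when it fails).
key_matches_cert() {
    c=$(openssl x509 -in "$1" -noout -pubkey | openssl pkey -pubin -outform DER | openssl dgst -sha256)
    k=$(openssl pkey -in "$2" -pubout -outform DER | openssl dgst -sha256)
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# Validate the chain the way a client would: first cert is the leaf, the others are
# untrusted intermediates, the root file is the trust anchor.
verify_chain() {
    openssl verify -CAfile CACertificate-ROOT-2.crt -untrusted "$1" "$1" >/dev/null 2>&1
}

# Section III step 1: bundle chain + key into PKCS#12; -name is the alias keytool sees.
to_pkcs12() {
    openssl pkcs12 -export -in "$1" -inkey server.key -name some-alias \
        -passout "pass:$P12_PASS" -out "$2" 2>/dev/null
}

# Number of certificates inside the PKCS#12 (the whole chain should be there).
p12_cert_count() {
    openssl pkcs12 -in "$1" -passin "pass:$P12_PASS" -nokeys 2>/dev/null | grep -c 'BEGIN CERTIFICATE'
}

# Walk through the procedure once, with the correct and the reversed chain side by side.
gen_chain
build_chain fullchain.crt
cat CACertificate-INTERMEDIATE-1.crt ServerCertificate.crt > wrong-order.crt   # intermediate first: wrong
to_pkcs12 fullchain.crt server.p12

echo "certificates in fullchain.crt: $(cert_count fullchain.crt)"
if key_matches_cert fullchain.crt server.key; then echo "fullchain.crt: first cert matches server.key"; fi
if key_matches_cert wrong-order.crt server.key; then :; else echo "wrong-order.crt: key mismatch, nginx would refuse to start"; fi
if verify_chain fullchain.crt; then echo "fullchain.crt: chain verifies against the root"; fi
if verify_chain ServerCertificate.crt; then :; else echo "leaf alone: issuer missing, clients would see an incomplete chain"; fi
echo "certificates in server.p12: $(p12_cert_count server.p12)"
```

The reversed file is the failure the cat step in section I invites if the redirections are swapped: nginx reads the intermediate as the server certificate, the key check fails and nginx does not start. The leaf-only check shows the other half of the problem: a chain without the intermediate loads fine but cannot be validated by clients that lack that intermediate.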
