Configuring HTTPS for Nginx and Tomcat
2018-06-17 18:58
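I. Configuring HTTPS for Nginx and Tomcat
The prerequisite is that you have already obtained a certificate issued by a CA.
I. Merge the certificates
1. Assume the certificate files are as follows
Private key file server.key; certificates CACertificate-INTERMEDIATE-1.crt, CACertificate-ROOT-2.crt and ServerCertificate.crt
2. Merge the certificates with the cat command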
cd /application/nginx/ssl
cat CACertificate-INTERMEDIATE-1.crt >> ServerCertificate.crt
cat CACertificate-ROOT-2.crt >> ServerCertificate.crt
II. Nginx reverse proxy certificate
/application/nginx/conf/vhost/oil_price_applet.conf
upstream oilprice.test {
    server localhost:8443;
}

server {
    # "listen ... ssl" replaces the separate "ssl on;" directive, which is deprecated
    listen 443 ssl;
    server_name oilprice.test.com;
    root /www/html/oil_price_applet;
    access_log logs/access.log main;

    # Merged chain (server certificate first) and its private key
    ssl_certificate /application/nginx/ssl/ServerCertificate.crt;
    ssl_certificate_key /application/nginx/ssl/server.key;
    ssl_session_timeout 5m;

    location / {
        root /www/html/oil_price_applet;
        index index.html index.htm index.php;

        # Forward to the Tomcat HTTPS connector defined in the upstream block
        proxy_pass https://oilprice.test;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header REMOTE-HOST $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        client_max_body_size 1000m;
        client_body_buffer_size 1024k;
        proxy_connect_timeout 90;
        proxy_send_timeout 90;
        proxy_read_timeout 90;
        proxy_buffer_size 1024k;
        proxy_buffers 4 1024k;
        proxy_busy_buffers_size 1024k;
        proxy_temp_file_write_size 1024k;
        proxy_max_temp_file_size 128m;
    }

    location ~.*\.(php|php5)?$ {
        root /www/html/oil_price_applet;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        include fastcgi.conf;
    }
}
III. Configure HTTPS in Tomcat: generate the keystore
Important: remember the password you set.
1. Convert the x509 cert and key to a pkcs12 file
openssl pkcs12 -export -in ServerCertificate.crt -inkey server.key \
    -out server.p12 -name some-alias
2. Convert the pkcs12 file to a Java keystore
keytool -importkeystore \
    -deststorepass Ctb+wZs1 -destkeypass Ctb+wZs1 -destkeystore server.keystore \
    -srckeystore server.p12 -srcstoretype PKCS12 -srcstorepass Ctb+wZs1 \
    -alias some-alias
3. Configure Tomcat
<Connector port="8443"
           protocol="org.apache.coyote.http11.Http11NioProtocol"
           SSLEnabled="true"
           scheme="https"
           secure="true"
           keystoreFile="/application/nginx/ssl/server.keystore"
           keystorePass="Ctb+wZs1"
           sslProtocol="TLS"
           URIEncoding="utf-8" />
4. Restart Tomcat for the change to take effect
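The merge in section I appends to ServerCertificate.crt in place, and both Nginx and the pkcs12 export then depend on that file matching server.key, so it is worth checking the result before restarting anything. The script below is an added example, not part of the original post: the function name check_bundle and its return codes are assumptions made here, and it assumes an unencrypted private key and openssl on the PATH.

```shell
#!/bin/sh
# Added example (not from the original post): check the merged PEM bundle and
# private key before pointing Nginx or `openssl pkcs12 -export` at them.
# Return codes: 0 ok, 1 fused PEM boundary, 2 unexpected certificate count,
#               3 first certificate does not match the private key.
check_bundle() {
    bundle=$1; key=$2; expected=${3:-3}   # 3 = server + intermediate + root

    # `cat a.crt >> b.crt` glues END/BEGIN onto one line when b.crt lacks a
    # trailing newline, which makes the bundle unparseable.
    if grep -q -e '-----END CERTIFICATE----------BEGIN CERTIFICATE-----' "$bundle"; then
        echo "fused PEM boundary in $bundle" >&2; return 1
    fi

    # Because `>>` appends in place, re-running the merge duplicates entries.
    count=$(grep -c -e '-----BEGIN CERTIFICATE-----' "$bundle" || true)
    if [ "$count" -ne "$expected" ]; then
        echo "expected $expected certificates, found $count" >&2; return 2
    fi

    # Nginx uses the first certificate in the file as the server certificate,
    # so its public key must be the one derived from the private key.
    cert_pub=$(openssl x509 -in "$bundle" -noout -pubkey 2>/dev/null || true)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null || true)
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "first certificate in $bundle does not match $key" >&2; return 3
    fi
    return 0
}
```

After the merge, call it as `check_bundle /application/nginx/ssl/ServerCertificate.crt /application/nginx/ssl/server.key`; a non-zero return means the bundle should be rebuilt from the original files before Nginx is reloaded or the keystore is generated.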