Nginx + 阿里云SSL + tomcat 实现https访问代理
生活随笔
收集整理的這篇文章主要介紹了
Nginx + 阿里云SSL + tomcat 实现https访问代理
小編覺得挺不錯(cuò)的,現(xiàn)在分享給大家,幫大家做個(gè)參考.
第一步:阿里云申請?jiān)贫茏C書服務(wù)
第二步:下載證書
第三步:修改Nginx配置
1. 證書文件214033834890360.pem,包含兩段內(nèi)容,請不要?jiǎng)h除任何一段內(nèi)容。
2. 如果是證書系統(tǒng)創(chuàng)建的CSR,還包含:證書私鑰文件214033834890360.key。
( 1 ) 在Nginx的安裝目錄下創(chuàng)建cert目錄,并且將下載的全部文件拷貝到cert目錄中。如果申請證書時(shí)是自己創(chuàng)建的CSR文件,請將對應(yīng)的私鑰文件放到cert目錄下并且命名為214033834890360.key;
( 2 ) 打開 Nginx 安裝目錄下 conf 目錄中的 nginx.conf 文件,找到:
worker_processes 4; error_log logs/error.log crit; #日志位置和日志級別 pid logs/nginx.pid; worker_rlimit_nofile 65535; events { worker_connections 65535; } http { include mime.types; default_type application/octet-stream; sendfile on; keepalive_timeout 65; upstream backend { #ip_hash; server 172.17.0.3:8080 weight=1 max_fails=2 fail_timeout=2; server 172.17.0.4:8080 weight=1 max_fails=2 fail_timeout=2; } upstream mgr { #ip_hash; server 172.17.0.7:8080 weight=1 max_fails=2 fail_timeout=2; }server {listen 443;server_name localhost;ssl on;root html;index index.html index.htm;ssl_certificate cert/214031620150360.pem;ssl_certificate_key cert/214031620150360.key;ssl_session_timeout 5m;ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;ssl_protocols TLSv1 TLSv1.1 TLSv1.2;ssl_prefer_server_ciphers on;location / {proxy_pass http://backend;### force timeouts if one of backend is died ##proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;### Set headers ####proxy_set_header Host $host;proxy_set_header X-Real-IP $remote_addr;proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;## Most PHP, Python, Rails, Java App can use this header ###proxy_set_header X-Forwarded-Proto https;### By default we don't want to redirect it #### proxy_redirect off; }location /test/ {proxy_pass http://172.17.0.5:8080;### force timeouts if one of backend is died ##proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;### Set headers ####proxy_set_header Host $host;proxy_set_header X-Real-IP $remote_addr;proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;## Most PHP, Python, Rails, Java App can use this header ###proxy_set_header X-Forwarded-Proto https;### By default we don't want to redirect it #### proxy_redirect off; } location /dev/ {proxy_pass http://172.17.0.6:8080;### force timeouts if one of backend is died ##proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;### Set headers ####proxy_set_header Host $host;proxy_set_header X-Real-IP $remote_addr;proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;## Most PHP, Python, Rails, Java App can use this header ###proxy_set_header X-Forwarded-Proto https;### By default we don't want to redirect it #### proxy_redirect off; } location /pre/ {proxy_pass http://mgr;### force timeouts if one of backend is died ##proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;### Set headers ####proxy_set_header Host $host;proxy_set_header X-Real-IP $remote_addr;proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;## Most PHP, Python, Rails, Java App can use this header ###proxy_set_header X-Forwarded-Proto https;### By default we don't want to redirect it #### proxy_redirect off; } } }修改Tomcat配置
新增配置項(xiàng):<Valve className="org.apache.catalina.valves.RemoteIpValve" remoteIpHeader="X-Forwarded-For" protocolHeader="X-Forwarded-Proto" protocolHeaderHttpsValue="https"/>
第四步:啟動Nginx
/usr/local/nginx/nginx第五步:測試https域名
OK
總結(jié)
以上是生活随笔為你收集整理的Nginx + 阿里云SSL + tomcat 实现https访问代理的全部內(nèi)容,希望文章能夠幫你解決所遇到的問題。
- 上一篇: Maven安装说明
- 下一篇: PgSQL · 案例分享 · Postg