Nginx+Tomcat+Https 桃扇骨 2022-05-14 06:06 158阅读 0赞 # 一、申请证书 # 阿里云提供免费的证书:[《证书申请传送门》][Link 1] ![这里写图片描述][70] 注意:保护类型那里提示:保护一个明细子域名。 # 二、安装证书 # 等审核通过后,就可以下载证书了。 把证书上传到服务器,假设你的证书是abc.pem和abc.key,我这里放到/etc/nginx/cert文件夹下了,cert文件夹是我自己创建的,使用mkdir cert来创建,提示权限错误时加sudo命令。 然后修改nginx配置文件,vim /etc/nginx/nginx.conf,增加以下内容: upstream tomcat { server 127.0.0.1:82 fail_timeout=0; } # HTTPS server server { listen 443 ssl; server_name www.b.yujiago.cn; # 这里是你的域名,要与下面tomcat里的保持一致 ssl_certificate /etc/nginx/cert/abc.pem; ssl_certificate_key /etc/nginx/cert/abc.key; ssl_session_cache shared:SSL:1m; ssl_session_timeout 5m; ssl_ciphers HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on; location / { proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $http_host; proxy_set_header X-Forwarded-Proto https; proxy_redirect off; proxy_connect_timeout 240; proxy_send_timeout 240; proxy_read_timeout 240; # note, there is not SSL here! plain HTTP is used proxy_pass http://tomcat; } } 然后编辑tomcat的配置文件,/conf/server.xml 修改HOST里的value值,我这里修改为: # 这里的name要与nginx配置文件里的server_name保持一致 <Host name="www.b.yujiago.cn" appBase="webapps" unpackWARs="true" autoDeploy="true" xmlValidation="false" xmlNamespaceAware="false"> <Valve className="org.apache.catalina.valves.RemoteIpValve" remoteIpHeader="x-forwarded-for" remoteIpProxiesHeader="x-forwarded-by" protocolHeader="x-forwarded-proto" /> <Context path="" docBase="spring-boot-ssm" name="/spring-boot-ssm" debug="0" reloadable="true" /> </Host> 到这里的话,可以使用[https://www.b.yujiago.cn][https_www.b.yujiago.cn]访问了,但是无法通过[http://www.b.yujiago.cn][http_www.b.yujiago.cn]访问,即默认的80端口。 -------------------- 强制80端口转发到443端口,即将[http://www.b.com][http_www.b.com]重定向到[https://www.b.com][https_www.b.com] # 监听80端口,根据二级域名,动态进行转发 server{ listen 80; server_name *.yujiago.cn; client_max_body_size 50m; if ( $http_host ~* "^(.*?)\.yujiago\.cn" ) { set $domain $1; } location / { proxy_set_header X-Real-IP $remote_addr; proxy_set_header Host $http_host; if ( $domain ~* "a" ) { proxy_pass http://www.a.yujiago.cn:83; } if ( $domain ~* "b" ) { # proxy_pass https://www.b.yujiago.cn; # 重定向到https rewrite ^/(.*) https://www.b.yujiago.cn/$1 permanent; } if ( $domain ~* "c" ) { proxy_pass http://www.c.yujiago.cn:84; } # proxy_pass http://www.a.yujiago.cn:83; } } -------------------- 网上有的资料说需要配置tomcat中以下部分新增的内容,但我这次没有配置 <Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="443" proxyPort="443" /> -------------------- 注意: 1、开启防火墙的443端口 [Link 1]: https://common-buy.aliyun.com/?spm=a2c4e.11153940.blogcont633435.10.6bd4209bo6lO0w&commodityCode=cas#/buy [70]: /images/20220514/20b44b9b64af4ab2995bdf045aee2807.png [https_www.b.yujiago.cn]: https://www.b.yujiago.cn [http_www.b.yujiago.cn]: http://www.b.yujiago.cn [http_www.b.com]: http://www.b.com [https_www.b.com]: https://www.b.com
还没有评论,来说两句吧...