tomcat+nginx配置https
1 生成证书到nginx目录下cd /usr/local/nginx/conf
# 生成服务器端的私钥(key文件)
openssl genrsa -des3 -out server.key 1024
# 生成Certificate Signing Request(CSR)此处按指示输入信息
openssl req -new -key server.key -out server.csr
#生成.crt证书
cp server.key server.key.org
openssl rsa -in server.key.org -out server.key
openssl x509 -req -days
2 配置nginx.conf
#tomcat的反向代理
#可设置多个负载均衡
upstream mytomcat {
server localhost:8080;
server localhost:8081;
}
server {
listen 80;
server_namelocalhost;
#开启ssl
sslon;
#设置证书位置
ssl_certificate server.crt;
#设置密钥位置
ssl_certificate_keyserver.key;
location / {
root html;
indexindex.html;
#proxy设置 此处应为http://+upstream的名称
proxy_pass http://mytomcat;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
client_max_body_size 10m;
client_body_buffer_size 128k;
proxy_connect_timeout 300;
proxy_send_timeout 300;
proxy_read_timeout 300;
proxy_buffer_size 4k;
proxy_buffers 4 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;
}
}
页:
[1]