nginx tomcat 配置https

作者: AMZ小楼 | 来源:发表于2018-06-25 15:01 被阅读0次

nginx + https(tomcat2)
nginx配置https，反向代理给tomcat
Nginx或tomcat8配置https
nginx tomcat 配置https
Nginx tomcat8.5集群与 redis sess
Nginx + Tomcat + HTTPS简单配置
配置nginx反向代理jira并实现https
nginx代理tomcat，https
Nginx+tomcat配置多站点
Fiori-like Prototype ( F5 Nginx

 nginx ssl
 ./configure   --prefix=/home/nginx  --with-pcre --with-http_ssl_module
nginx location
http://www.nginx.cn/4658.html
如果一个请求的URI是/t/a.html时，web服务器将会返回服务器上的/www/root/html/t/a.html的文件。
location ^~ /t/ {
     root /www/root/html/;
}

自己配置的https
keytool -genkeypair -alias tomcat -keyalg RSA -keystore /home/Himalaya/my.keystore

tomcat https
  <!--<Connector port="8680" protocol="HTTP/1.1" SSLEnabled="true"
               maxThreads="150" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS" keystoreFile="/usr/local/my.keystore" keystorePass="123456" />-->

 <!--<Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />-->

阿里云：必须要把域名解析到对应的ip上
 <Connector port="8380"
    protocol="HTTP/1.1"
    SSLEnabled="true"
    scheme="https"
    secure="true"
    keystoreFile="xxxxxx"
    keystoreType="xxxxxx"
    keystorePass="xxxxxx"
    clientAuth="false"
    SSLProtocol="TLSv1+TLSv1.1+TLSv1.2"
    ciphers="TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA256"/>

 nginx自签

1.openssl genrsa -des3 -out server.key 1024

2.创建服务器证书的申请文件 server.csr
openssl req -new -key server.key -out server.csr

4.备份一份服务器密钥文件
cp server.key server.key.org
5.去除文件口令
openssl rsa -in server.key.org -out server.key
6.生成证书文件server.crt
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt




 server {
    listen       6301;
    server_name  qutest.dabay.cn;

    ssl                  on;
    ssl_certificate      /home/nginx-mytest/CA/server.crt;
    ssl_certificate_key  /home/nginx-mytest/CA/server.key;

    ssl_session_timeout  5m;

   ssl_protocols  SSLv2 SSLv3 TLSv1;


    location / {
                  root /home/nginx/xxx;
                  try_files $uri /index.html;
                  expires       max;

    }


nginx 阿里云
    server {
    listen 6301;
    server_name xxxxxx;
    ssl on;

    ssl_certificate   cert/xxxxxx;
    ssl_certificate_key  cert/xxxxx;
    ssl_session_timeout 5m;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    location / {

                  root /home/nginx/xxx;
                  try_files $uri /index.html;
                  expires       max;

             }
        }