Configuring HTTPS with Nginx or Tomcat 8


Author: 早就是优势 | Published: 2018-10-10 15:37

Prerequisite: obtain a free HTTPS certificate for your domain.

I. Configure HTTPS in nginx and forward to Tomcat

1. Nginx configuration file

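server {
    listen       80;
    listen       443 ssl default_server;
    server_name  {domain};
    # root         /usr/share/nginx/html;

    # "ssl on" enables TLS on every listen socket of this server, port 80 included,
    # so the site is HTTPS-only: a plain-HTTP request makes nginx raise error 497,
    # which error_page turns into a redirect to the same URL over https.
    # Note: "ssl on" is deprecated since nginx 1.15.0 in favour of the "ssl" parameter of listen.
    ssl on;
    error_page 497  https://$host$request_uri;

    ssl_certificate     /etc/nginx/cer/{domain}.crt;   # certificate path
    ssl_certificate_key /etc/nginx/cer/{domain}.key;   # private key path

    ssl_session_cache   shared:SSL:10m;
    ssl_session_timeout 10m;
    # TLSv1 and TLSv1.1 are deprecated (RFC 8996); add TLSv1.3 if your nginx/OpenSSL build supports it
    ssl_protocols TLSv1.2;
    # 3DES is excluded because it is a weak 64-bit block cipher
    ssl_ciphers ECDH:AESGCM:HIGH:!3DES:!RC4:!DH:!MD5:!aNULL:!eNULL;
    ssl_prefer_server_ciphers on;
    # Load configuration files for the default server block.
    include /etc/nginx/default.d/*.conf;
    client_max_body_size 50m;
    location / {
            proxy_pass http://127.0.0.1:8080;
            proxy_set_header Host      $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            # Tomcat's RemoteIpValve (protocolHeader) reads this header to learn the original scheme
            proxy_set_header X-Forwarded-Proto $scheme;
            # a single proxy_redirect, placed after proxy_pass ("off" and "default" cannot be combined)
            proxy_redirect default;
    }
    error_page 404 /404.html;
        location = /404.html {
    }
    error_page 500 502 503 504 /50x.html;
        location = /50x.html {
    }
}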

2. With nginx configured as above, Tomcat needs the following configuration

<!-- 1. Connector configuration -->
<Connector port="8080" protocol="HTTP/1.1"
           connectionTimeout="20000"
           redirectPort="443" proxyPort="443"/>
<!-- 2. Add this Valve inside the Engine (the existing child elements of Engine stay in place) -->
<Engine name="Catalina" defaultHost="localhost">
    <Valve  className="org.apache.catalina.valves.RemoteIpValve"
            remoteIpHeader="X-Forwarded-For"
            protocolHeader="X-Forwarded-Proto"
            protocolHeaderHttpsValue="https" httpsServerPort="443"/>
</Engine>
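
A consistency check for the nginx/Tomcat pair described above, as an added example that is not part of the original article: it verifies that every header RemoteIpValve reads is actually set by nginx, flags legacy TLS versions, and flags a proxied Connector with no `address` attribute. The `audit` function and both sample configurations are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample inputs: the proxy omits X-Forwarded-Proto and enables legacy TLS.
NGINX_CONF = """
server {
    listen 443 ssl;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    location / {
        proxy_pass http://127.0.0.1:8080;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}
"""
SERVER_XML = """
<Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1" proxyPort="443"/>
  <Engine name="Catalina" defaultHost="localhost">
    <Valve className="org.apache.catalina.valves.RemoteIpValve"
           remoteIpHeader="X-Forwarded-For"
           protocolHeader="X-Forwarded-Proto"/>
  </Engine>
</Service>
"""

def audit(nginx_conf, server_xml):
    """Return a list of findings for the nginx -> Tomcat proxy pair."""
    findings = []
    conf = re.sub(r"#.*", "", nginx_conf)  # drop nginx comments
    sent = {h.lower() for h in re.findall(r"proxy_set_header\s+(\S+)", conf)}
    root = ET.fromstring(server_xml)
    valves = [v for v in root.iter("Valve") if v.get("className", "").endswith("RemoteIpValve")]
    for valve in valves:
        # Each header the valve trusts must be set (overwritten) by the proxy.
        for attr in ("remoteIpHeader", "protocolHeader"):
            header = valve.get(attr)
            if header and header.lower() not in sent:
                findings.append(f"nginx never sets {header} ({attr})")
    m = re.search(r"ssl_protocols\s+([^;]+);", conf)
    for proto in (m.group(1).split() if m else []):
        if proto in ("SSLv2", "SSLv3", "TLSv1", "TLSv1.1"):
            findings.append(f"legacy protocol enabled: {proto}")
    for conn in root.iter("Connector"):
        # Without "address" Tomcat listens on all local addresses, bypassing nginx.
        if conn.get("proxyPort") and not conn.get("address"):
            findings.append(f"Connector {conn.get('port')} listens on all interfaces")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(NGINX_CONF, SERVER_XML)))
```
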

II. Configure HTTPS directly in Tomcat

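<!-- Http11NioProtocol is used because the blocking Http11Protocol connector was removed in Tomcat 8.5.
     keystorePass is the keystore password; if omitted, Tomcat falls back to the default "changeit". -->
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
           SSLEnabled="true"
           scheme="https"
           secure="true"
           clientAuth="false"
           sslProtocol="TLS"
           keystoreFile="{full path to {domain}.jks}"
           keystorePass="{keystore password}"/>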