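# Setup: nginx terminates HTTPS on port 443 and talks plain HTTP to Tomcat;
# browsers reach each site at https://DOMAIN. The three Tomcat instances
# listen on 8081/8082/8083. The configuration is as follows.

# Access-log format for the HTTPS vhosts.
# $http_x_forwarded_for is copied from a client-supplied request header, so
# treat that field as untrusted when analysing logs; $remote_addr is the
# address of the TCP peer.
log_format ssl_wy '$remote_addr - $remote_user [$time_local] $request '
                  '"$status" $body_bytes_sent "$http_referer" '
                  '"$http_user_agent" "$http_x_forwarded_for" $request_time';

# Port 80: permanent redirect of every request to the HTTPS site.
server {
    listen 80;
    server_name wy1.cn;
    rewrite ^(.*) https://$server_name$1 permanent;
    #return 301 https://wy1.cn$request_uri;
    #rewrite ^ https://$server_name$request_uri? permanent;
}
#
server {
    listen 80;
    server_name wy2.cn;
    rewrite ^(.*) https://$server_name$1 permanent;
    #return 301 https://wy2.cn$request_uri;
    #rewrite ^ https://$server_name$request_uri? permanent;
}
#
server {
    listen 80;
    server_name wy3.cn;
    rewrite ^(.*) https://$server_name$1 permanent;
    #return 301 https://wy3.cn$request_uri;
    #rewrite ^ https://$server_name$request_uri? permanent;
}
#
server {
    # "listen ... ssl" replaces the separate "ssl on;" directive, which is
    # deprecated since nginx 1.15.0 and rejected by 1.25.1 and later.
    listen 443 ssl;
    server_name wy1.cn;

    # HSTS for one year. includeSubDomains applies to every subdomain of this
    # host, so each of them must be reachable over HTTPS before this is sent.
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
    #
    # Relative paths are resolved against the nginx configuration prefix.
    # The private key should be readable only by the account that starts nginx.
    ssl_certificate 1__.wy.crt;
    ssl_certificate_key 2__wy.key;
    ssl_session_timeout 5m;

    # TLS 1.0 and 1.1 are deprecated (RFC 8996) and are no longer offered.
    # Append TLSv1.3 on nginx >= 1.13.0 built against OpenSSL >= 1.1.1.
    ssl_protocols TLSv1.2;

    # Explicit ECDHE + AEAD suites only. A list built from "ALL" minus
    # exclusions still admits CBC, 3DES and static-RSA key exchange.
    # Clients that cannot negotiate TLS 1.2 with one of these suites are refused.
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
    ssl_prefer_server_ciphers on;
    #
    location / {
        # Plain HTTP to the local Tomcat. NOTE(review): the Tomcat connector is
        # not shown here; confirm it binds to 127.0.0.1 or is firewalled so the
        # application cannot be reached directly, bypassing TLS.
        proxy_pass http://127.0.0.1:8081;
        #Proxy Settings
        proxy_redirect off;
        proxy_set_header Host $host;
        # X-Real-IP is set by nginx from the TCP peer. X-Forwarded-For is the
        # client-supplied value with the peer address appended, so only its
        # last entry is trustworthy to the backend.
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
        #proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
        proxy_max_temp_file_size 0;
        proxy_connect_timeout 90;
        proxy_send_timeout 90;
        proxy_read_timeout 90;
        proxy_buffer_size 4k;
        proxy_buffers 4 32k;
        proxy_busy_buffers_size 64k;
        proxy_temp_file_write_size 64k;
    }
    #
    # Crawler filter only: User-Agent is client-controlled, so this is not an
    # access control. The case-insensitive match hits any UA containing "bot".
    if ($http_user_agent ~* "spider|bot|Yahoo") {
        return 403;
    }
    #
    access_log /home/wwwlogs/https_wy1.cn.log ssl_wy;
}

server {
    listen 443 ssl;
    server_name wy2.cn;
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
    #
    # Same certificate and TLS policy as wy1.cn.
    ssl_certificate 1__.wy.crt;
    ssl_certificate_key 2__wy.key;
    ssl_session_timeout 5m;
    ssl_protocols TLSv1.2;
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
    ssl_prefer_server_ciphers on;
    #
    location / {
        proxy_pass http://127.0.0.1:8082;
        #Proxy Settings
        proxy_redirect off;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        #proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
        # This vhost allows buffering to temp files and uses longer timeouts
        # than the other two.
        proxy_max_temp_file_size 512k;
        proxy_connect_timeout 180;
        proxy_send_timeout 180;
        proxy_read_timeout 180;
        proxy_buffer_size 4k;
        proxy_buffers 4 32k;
        proxy_busy_buffers_size 64k;
        proxy_temp_file_write_size 512k;
    }
    #
    if ($http_user_agent ~* "spider|bot|Yahoo") {
        return 403;
    }
    #
    access_log /home/wwwlogs/https_wy2.cn.log ssl_wy;
}

server {
    listen 443 ssl;
    server_name wy3.cn;
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
    #
    # Same certificate and TLS policy as wy1.cn.
    ssl_certificate 1__.wy.crt;
    ssl_certificate_key 2__wy.key;
    ssl_session_timeout 5m;
    ssl_protocols TLSv1.2;
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
    ssl_prefer_server_ciphers on;
    #
    location / {
        proxy_pass http://127.0.0.1:8083;
        #Proxy Settings
        proxy_redirect off;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        #proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
        proxy_max_temp_file_size 0;
        proxy_connect_timeout 90;
        proxy_send_timeout 90;
        proxy_read_timeout 90;
        proxy_buffer_size 4k;
        proxy_buffers 4 32k;
        proxy_busy_buffers_size 64k;
        proxy_temp_file_write_size 64k;
    }
    #
    if ($http_user_agent ~* "spider|bot|Yahoo") {
        return 403;
    }
    #
    access_log /home/wwwlogs/https_wy3.cn.log ssl_wy;
}

# Restart nginx (check the syntax first with "nginx -t"):
#   service nginx restart
# After nginx is restarted, server.xml of the three Tomcat instances does not
# need to be modified; tested OK.
# With server.xml unchanged Tomcat ignores X-Forwarded-Proto and sees every
# request as plain HTTP. If the application needs the original scheme (Secure
# cookies, absolute redirects), Tomcat's RemoteIpValve with its protocolHeader
# attribute can supply it.
# Note: the test environment uses a formally issued certificate.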
HTTPS配置检测: