服务器配置nginx和tomcat都使用https协议

3 篇文章 0 订阅
1 篇文章 0 订阅

如果服务器需要配置https协议,我们很容易的在nginx上加入相应的证书配置就可以实现,但是如果我们服务器的环境有php和Java这两种的话,而Java使用的是tomcat容器,但是又想实现两种都是https协议的情况,其实也很简单,tomcat不需要做任何配置,在nginx配置反向代理即可:

这里需要注意的是,如果tomcat在同一个服务器上,直接在反向代理的主机名中写localhost即可,不过其实也可以反向代理到另外一台服务器(这种情况其实很有用,如果你另外一台服务器并没有购买域名,也没有证书,但是又想使用https协议的话,在proxy_pass中写入相应服务器的IP即可)

user  nginx;
worker_processes  1;

error_log  /var/log/nginx/error.log warn;
pid        /var/run/nginx.pid;


events {
    worker_connections  1024;
}


http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    keepalive_timeout  65;

    #gzip  on;

    #include /etc/nginx/conf.d/*.conf;

    client_max_body_size 2m;

    server_names_hash_bucket_size 2048;

    server {
        #listen       80;
    listen 443  ssl;
        server_name  xiaoxiaohei.com.cn;

        ssl on;
        ssl_certificate /etc/nginx/conf.d/1_www.xiaoxiaohei.com.cn_bundle.crt;
        ssl_certificate_key /etc/nginx/conf.d/2_www.xiaoxiaohei.com.cn.key;
        ssl_session_timeout 5m;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
        ssl_prefer_server_ciphers on;

        location / {
        root   /data/web/webapp/public;
            index  index.html index.htm index.php;

        if (!-e $request_filename) {
            rewrite  ^(.*)$  /index.php?s=/$1  last;
            break;
            }

        }

        location ~ \.php$ {
        root   /data/web/webapp/public;
            fastcgi_pass   127.0.0.1:9000;
            fastcgi_index  index.php;
        fastcgi_param  SCRIPT_FILENAME $document_root$fastcgi_script_name;
            include        fastcgi_params;
        }
    }

    server {
        #listen       80;
    listen 443 ssl;
        server_name  wx.xiaoxiaohei.com.cn;

        ssl on;
        ssl_certificate /etc/nginx/conf.d/1_wx.xiaoxiaohei.com.cn_bundle.crt;
        ssl_certificate_key /etc/nginx/conf.d/2_wx.xiaoxiaohei.com.cn.key;
        ssl_session_timeout 5m;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
        ssl_prefer_server_ciphers on;

        location / {
        proxy_pass   http://localhost:8080/;
            proxy_redirect  off;
            proxy_set_header  X-Real-IP $remote_addr;
            proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
        }

    }

}
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值