1 生成证书到nginx目录下
cd /usr/local/nginx/conf # 生成服务器端的私钥(key文件) openssl genrsa -des3 -out server.key 1024 # 生成Certificate Signing Request(CSR)此处按指示输入信息 openssl req -new -key server.key -out server.csr #生成.crt证书 cp server.key server.key.org openssl rsa -in server.key.org -out server.key openssl x509 -req -days
2 配置nginx.conf
#tomcat的反向代理 #可设置多个负载均衡 upstream mytomcat { server localhost:8080; server localhost:8081; } server { listen 80; server_name localhost; #开启ssl ssl on; #设置证书位置 ssl_certificate server.crt; #设置密钥位置 ssl_certificate_key server.key; location / { root html; index index.html; #proxy设置 此处应为http://+upstream的名称 proxy_pass http://mytomcat; proxy_redirect off; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; client_max_body_size 10m; client_body_buffer_size 128k; proxy_connect_timeout 300; proxy_send_timeout 300; proxy_read_timeout 300; proxy_buffer_size 4k; proxy_buffers 4 32k; proxy_busy_buffers_size 64k; proxy_temp_file_write_size 64k; } }