I. Apply for an SSL certificate
Apply for an SSL certificate; Alibaba Cloud and Tencent Cloud both currently offer free ones.
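II. Deploy the certificate to Nginx
1. First check whether nginx was built with the SSL module; if it was not, nginx has to be reconfigured with the SSL module enabled.
2. Upload **.key and **.pem to a directory on the server.
3. In nginx.conf, add: include /usr/local/nginx/conf/vhosts/*.conf;
4. Add a new conf file with the configuration below, replacing the domain name and the Tomcat port with your own.
Set ssl_certificate and ssl_certificate_key to the paths on the server where **.key and **.pem were uploaded (the .pem file goes in ssl_certificate, the .key file in ssl_certificate_key).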
# 8080 tomcat
upstream tomcat_client {
    server 127.0.0.1:8080 fail_timeout=0;
}

# HTTPS virtual host: TLS terminates at nginx
server {
    listen 443 ssl;
    server_name test.com;

    ssl_certificate /usr/local/nginx/cert/215032704160566.pem;
    ssl_certificate_key /usr/local/nginx/cert/215032704160566.key;
    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout 5m;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;

    location / {
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-Proto https;
        proxy_redirect off;
        proxy_connect_timeout 240;
        proxy_send_timeout 240;
        proxy_read_timeout 240;
        # note, there is no SSL here! plain HTTP is used
        proxy_pass http://tomcat_client;
    }
}

# Plain-HTTP virtual host: redirect every request to HTTPS
server {
    listen 80;
    server_name test.com;
    rewrite ^(.*) https://$server_name$1 permanent;
}
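A pre-flight check for step 1 (SSL module present), step 2 (the uploaded key is not readable by other users) and the certificate/key pairing, to run before the restart. This is an added example, not part of the original post; the function names has_ssl_module, key_is_private, cert_matches_key and preflight are hypothetical, and it assumes nginx and openssl are on PATH.

```shell
#!/bin/sh
# Added example: checks to run before restarting nginx with a new certificate.
# Usage: sh preflight.sh /path/to/cert.pem /path/to/cert.key

# has_ssl_module TEXT: succeed if the `nginx -V` output in TEXT lists the SSL module.
has_ssl_module() {
    case "$1" in
        *--with-http_ssl_module*) return 0 ;;
        *) return 1 ;;
    esac
}

# key_is_private FILE: succeed only if group and others have no permissions
# on the private key (characters 5-10 of the ls mode string are all "-").
key_is_private() {
    perms=$(ls -ldL "$1" 2>/dev/null | cut -c5-10)
    [ "$perms" = "------" ]
}

# cert_matches_key CERT KEY: succeed only if the public key embedded in the
# certificate equals the public key derived from the private key.
# Each extraction is checked separately so two failures never compare equal.
cert_matches_key() {
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    k=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# preflight CERT KEY: run all checks, then let nginx validate its configuration.
preflight() {
    # nginx -V prints its configure arguments on stderr
    has_ssl_module "$(nginx -V 2>&1)" ||
        { echo "nginx was built without http_ssl_module" >&2; return 1; }
    key_is_private "$2" ||
        { echo "private key is accessible to group/others: chmod 600 $2" >&2; return 1; }
    cert_matches_key "$1" "$2" ||
        { echo "certificate and private key do not match" >&2; return 1; }
    nginx -t
}

# Only run when called with a certificate path and a key path.
if [ "$#" -eq 2 ]; then
    preflight "$1" "$2"
fi
```

A mismatched pair or a missing SSL module is then reported before the restart instead of surfacing as a failed nginx start.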
III. Modify the Tomcat configuration
In Tomcat's server.xml file, edit the Host element and replace localhost with the bound domain name.
Before:
<Host name="localhost" appBase="webapps"
      unpackWARs="true" autoDeploy="true">
After:
<Host name="test.com" appBase="webapps"
      unpackWARs="true" autoDeploy="true">
IV. Installation complete
Restart nginx and Tomcat.
Open the domain and the site can be accessed normally.