tomcat与nginx的整合&nginx 配置https

最新推荐文章于 2022-08-26 09:10:20 发布

最骚的就是你

最新推荐文章于 2022-08-26 09:10:20 发布

阅读量915

点赞数

分类专栏： 2015

本文链接：https://blog.csdn.net/libin_1/article/details/49362423

版权

2015 专栏收录该内容

27 篇文章 0 订阅

订阅专栏

本文详细介绍了如何将Tomcat应用服务器与Nginx进行整合，实现负载均衡和静态资源处理。同时，还探讨了Nginx配置HTTPS的过程，包括获取SSL证书、配置SSL上下文等关键步骤，以确保网站的安全通信。

摘要由CSDN通过智能技术生成

一.安装Tomcat和jdk

1.安装jdk

# tar xvf jdk1.6.0_11.tar
# mv jdk1.6.0_11 /usr/local/

配置环境变量

# vim /etc/profile 添加

JAVA_HOME=/usr/local/jdk1.6.0_11
export JAVA_HOME
CLASSPATH=.:$JAVA_HOME/lib/tools.jar:$JAVA_HOME/lib/dt.jar
export CLASSPATH
PATH=$JAVA_HOME/bin:$PATH
export PATH

# sourse /etc/profile
# echo $JAVA_HOME
/usr/local/jdk1.6.0_11

2.安装tomcat

# tar zxvf apache-tomcat-6.0.29.tar.gz
# mv apache-tomcat-6.0.29 /usr/local/tomcat6

3.启动tomcat

# /usr/local/tomcat6/bin/startup.sh
Using CATALINA_BASE:   /usr/local/tomcat6
Using CATALINA_HOME:   /usr/local/tomcat6
Using CATALINA_TMPDIR: /usr/local/tomcat6/temp
Using JRE_HOME:       /usr/local/jdk1.6.0_11

# ps aux | grep tomcat
root 12717 0.5 12.3 220452 31588 pts/0 Sl 19:24 0:02 /usr/local/jdk1.6.0_11/bin/java -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Djava.util.logging.config.file=/usr/local/tomcat6/conf/logging.properties -Djava.endorsed.dirs=/usr/local/tomcat6/endorsed -classpath :/usr/local/tomcat6/bin/bootstrap.jar -Dcatalina.base=/usr/local/tomcat6 -Dcatalina.home=/usr/local/tomcat6 -Djava.io.tmpdir=/usr/local/tomcat6/temp org.apache.catalina.startup.Bootstrap start
root 13187 0.0 0.2 5072 708 pts/0 R+ 19:31 0:00 grep tomcat

启动成功！

4.访问测试

http://192.168.2.150:8080
会看到tomcat的主页

5.修改配置文件

# pwd
/usr/local/tomcat6/conf

# vim server.xml
<Connector port="8080" protocol="HTTP/1.1" 端口设置

<Host name="localhost" appBase="webapps" 家目录，页面文件要放在webapps/ROOT下面

将家目录改成/www/web/
<Host name="localhost" appBase="/www/web"
# mkdir -p /www/web/ROOT
# vim /www/web/ROOT/index.jsp
Hello,tomcat home!

重启tomcat,再次访问

改变访问

改变家目录的访问默认文件
# vim web.xml
<welcome-file-list>
        <welcome-file>index.html</welcome-file>
        <welcome-file>index.htm</welcome-file>
        <welcome-file>index.jsp</welcome-file>
  </welcome-file-list>

二.nginx安装配置

1.安装支持正则的pcre模块
# rpm -ivh pcre-devel-6.6-2.el5_1.7.i386.rpm

2.安装nginx
# tar zxvf nginx-0.7.62.tar.gz
# cd nginx-0.7.62
# ./configure --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module
# make
# make install

3.启动nginx
# /usr/local/nginx/sbin/nginx

4.访问nginx(默认为80端口)
http://192.168.2.150

三.nginx与tomcat整合

1. 在/usr/local/nginx/conf下面添加文件proxy.conf

# cat /usr/local/nginx/confg/proxy.conf

proxy_redirect          off;
proxy_set_header        Host $host;
proxy_set_header        X-Real-IP $remote_addr; #获取真实IP
#proxy_set_header       X-Forwarded-For   $proxy_add_x_forwarded_for; #获取代理者的真实ip
client_max_body_size    10m;
client_body_buffer_size 128k;
proxy_connect_timeout   90;
proxy_send_timeout      90;
proxy_read_timeout      90;
proxy_buffer_size       4k;
proxy_buffers           4 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;

2.配置nginx.conf
# cat /usr/local/nginx/confg/nginx.conf
user  www www;
worker_processes  1;
pid     /usr/local/nginx/logs/nginx.pid;

events {
use epoll;
worker_connections 1024;
}

http {
    include       mime.types;
    default_type  application/octet-stream;
    include     /usr/local/nginx/conf/proxy.conf;  #一定要指向代理文件

    sendfile        on;
    tcp_nopush      on;
    keepalive_timeout  65;

    server {
        listen       80;
        server_name  localhost;

charset gb2312;

        location / {
             root /www/web/ROOT;
             index  index.html index.htm;
        }

        location ~ .*.jsp$ {     #匹配以jsp结尾的，tomcat的网页文件是以jsp结尾
                index   index.jsp;
                proxy_pass       http://127.0.0.1:8080 ; #主要在这里，设置一个代理
        }

        location /nginxstatus {
                stub_status on;
                access_log on;
                auth_basic "nginxstatus";
                auth_basic_user_file /usr/local/nagois/etc/htpasswd.users;
        }

        # redirect server error pages to the static page /50x.html
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }
    }
}

3.测试
在/www/web/ROOT下添加文件index.html

# cat index.html
the port:80

重启nginx

http://192.168.2.150

http://192.168.2.150:8080

http://192.168.2.150/index.jsp

nginx 配置https

同事测试一ssl加密接口，但是负责该接口的同事有事请假了没在，所以我就临时给配置了一个https服务，写了一个简单接口供同事使用，配置nginx的https记录一下：

一、生成私钥和证书

创建带密钥口令的私钥
root@mysqlmaster:/tmp# openssl genrsa -des3 -out ng.key 1024
Generating RSA private key, 1024 bit long modulus
........++++++
...........................................++++++
e is 65537 (0x10001)
Enter pass phrase for ng.key: 输入口令
Verifying - Enter pass phrase for ng.key: 确认口令
二、创建csr文件
root@mysqlmaster:/tmp# openssl req -new -key ng.key -out ng.csr
Enter pass phrase for ng.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:国家如cn，hk
State or Province Name (full name) [Some-State]:州或省的名称如Beijing
Locality Name (eg, city) []:什么地方级别，是城市还是乡镇
Organization Name (eg, company) [Internet Widgits Pty Ltd]:什么组织，如公司，政府
Organizational Unit Name (eg, section) []:组织单位名称
Common Name (eg, YOUR name) []:名字
Email Address []:邮件地址

Please enter the following 'extra' attributes 额外信息
to be sent with your certificate request
A challenge password []: 复杂密码
An optional company name []：

1，创建私钥（去除密钥口令）
openssl rsa -in ng.key -out server.key
输入口令

2，创建CA证书
openssl req -new -x509 -days 3650 -key server.key -out server.crt
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, YOUR name) []:
Email Address []:
和上面的步骤差不多，根据提示输入证书的信息，国家，管理人邮件，姓名，城市等

三、修改nginx配置文件

root@mysqlmaster:/tmp# cp server.crt server.key /etc/nginx/
默认需要证书放到nginx/conf/目录，那么
vi /etc/nginx/nginx.conf

增加

server{
listen 443;
server_name localhost;
ssl on;
ssl_certificate server.crt; #证书
ssl_certificate_key server.key; #私钥
location / {
root html;
index index.html index.htm;
}
}
root@mysqlmaster:/tmp# service nginx restart
重启服务

#Nginx