Https部署说明
1、前期准备
将上述三个文件放到主机上并且将支持https的nginx解压
2、安装
三个文件解压以后nginx 下执行命令安装:
./configure --prefix=/app/jike/nginx-1.10.1 --with-stream --with-http_ssl_module --with-pcre=/app/jike/nginx_bak/pcre-8.38 --with-openssl=/app/jike/nginx_bak/openssl-1.0.2
make
make install
nginx配置如下,nginx仅仅做转发,不做负载,负载4A完成
https://my.oschina.net/zijian1315/blog/207311(参考生成证书)
具体配置文件如下:
#user nguser nguser;
worker_processes 2;
#daemon off;
#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
#pid logs/nginx.pid;
events {
use epoll;
worker_connections 60000;
}
http {
include mime.types;
default_type application/octet-stream;
#log_format main '$remote_addr - $remote_user [$time_local] "$request" '
# '$status $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for"';
#access_log logs/access.log main;
sendfile off;
#tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
gzip on;
gzip_min_length 1000;
gzip_buffers 4 32k;
gzip_types text/plain text/xml application/x-javascript text/css ;
gzip_vary on;
server {
listen 8008 ssl;
server_name localhost;
#开启ssl支持
ssl on;
ssl_certificate /app/jike/bak/nginx_bak/certs/jksxssl.cer;
ssl_certificate_key /app/jike/bak/nginx_bak/certs/jksxssl.key;
large_client_header_buffers 4 16k;
client_max_body_size 10m;
client_body_buffer_size 128k;
client_body_temp_path /home/nguser/nginx/client_body_temp 3 2;
if ($time_iso8601 ~ "^(\d{4})-(\d{2})-(\d{2})T(\d{2}):(\d{2}):(\d{2})")
{
set $year $1;
set $month $2;
set $day $3;
set $hour $4;
set $minute $5;
set $second $6;
}
access_log /home/nguser/nginx/logs/pc-$year-$month-$day.log;
location / {
proxy_buffer_size 128k;
proxy_buffers 32 32k;
proxy_busy_buffers_size 128k;
proxy_pass https://*.*.*.*:8008/;
proxy_redirect off;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $http_host;
client_max_body_size 10m;
}
}
server {
listen 8018;
server_name localhost;
client_body_temp_path /home/nguser/nginx/client_body_temp 3 2;
if ($time_iso8601 ~ "^(\d{4})-(\d{2})-(\d{2})T(\d{2}):(\d{2}):(\d{2})")
{
set $year $1;
set $month $2;
set $day $3;
set $hour $4;
set $minute $5;
set $second $6;
}
access_log /home/nguser/nginx/logs/app-$year-$month-$day.log;
location ~ ^/jikeInterface/(.*) {
proxy_pass http://*.*.*.*:7006;
proxy_redirect off;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $http_host;
client_max_body_size 10m;
}
}
server {
listen 8028;
server_name localhost;
if ($time_iso8601 ~ "^(\d{4})-(\d{2})-(\d{2})T(\d{2}):(\d{2}):(\d{2})")
{
set $year $1;
set $month $2;
set $day $3;
set $hour $4;
set $minute $5;
set $second $6;
}
access_log /home/nguser/nginx/logs/resource-$year-$month-$day.log;
location / {
proxy_pass http://*.*.*.*:7081/;
proxy_redirect off;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $http_host;
}
}
}
3、 配置
1) weblogic配置
在主机上修改weblogic配置
Weblogic https
1、配置密钥库
A)密钥库选择“定制标识和java标准信任。
B)密钥库:指定https 证书的安装地址。
C)密钥库类型:
D)密钥短语为:证书密码。***
E)生产秘钥***.jks
截图如下:
2) SSL配置
配置SSL:
a)别名为:ssl
b)密码为证书密码。
截图如下: