Java Web网站部署国外平台(日本东京),并配置https域名服务
1. 购买日本东京云服务器
购买后使用远程连接工具(如:Xshell等)连接,准备下载nginx、jdk等必要工具
2. nginx
1. 安装nginx依赖的库
首先安装nginx依赖的库,主要包括:**GCC,PCRE,zlib,OpenSSL,**执行下面的命令一次性安装即可
yum install -y gcc pcre pcre-devel zlib zlib-devel openssl openssl-devel
2. 进入到自己创建的目录准备解压nginx
cd /opt/demo
3. 下载Nginx安装包并解压
wget http://nginx.org/download/nginx-1.16.1.tar.gz
tar -zxvf nginx-1.22.0.tar.gz
4. 配置confiure
进入到目录中:(以自己目录为准)
cd /opt/demo/nginx-1.22.0
配置confifigure:
./configure
这个脚本是用来生成nginx相关文件的目录的,在复杂的安装模式中是可以指定其他参数的,比如path ,这里使用默认的 ,默认情况下,安装完毕后,生成的主目录就在 /usr/local/nginx 中,但是目前还不会生成,继续往后看
5. 执行make
接着执行下面命令:就会在【/usr/local/nginx】中生成nginx的文件了,就有sbin目录了
make && make install
6. 启动nginx服务
第4步执行完毕后,Nginx就算安装完成了,接下来执行下面命令启动Nginx
先进入sbin目录
cd /usr/local/nginx/sbin
然后执行下面命令启动nginx
./nginx
7. 访问Nginx
测试一下是否成功,浏览器测试,使用服务器公网ip:
浏览器出现上面内容,说明Nginx启动成功
8. 重启命令
./nginx -s reload
9. nginx设置开机自启动参考链接:nginx设置开机自启动
10. nginx前端文件存放位置
11. nginx配置文件修改(域名解析代理)
#user nobody;
worker_processes 2;
#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
#pid logs/nginx.pid;
events {
use epoll;
worker_connections 65535;
}
http {
include mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
#access_log logs/access.log main;
sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
client_max_body_size 25m;
server {
listen 80;
# 公网ip
server_name www.jp.ytrees.com jp.ytrees.com;
#终端内容访问
set $flag "pc";
set $num 1;
set $hua "${http_user_agent}";
set $iospad "${http_user_agent}";
set $androidpad "${http_user_agent}";
#mobile端访问内容
if ( $http_user_agent ~* "Mobile") {
set $flag "mobile";
}
#ios-pad端访问内容
if ( $iospad ~* "iPad|ipad") {
set $flag "pad";
}
#android-pad端访问内容
if ( $androidpad ~* "Android") {
set $num "${num}2";
}
if ( $hua !~* "Mobile") {
set $num "${num}3";
}
if ( $num = "123") {
set $flag "pad";
}
#指定web容器访问路径
location / {
#PC访问
if ($flag = pc) {
rewrite ^/(.*)$ https://jp.ytrees.com/$1 permanent;
break;
}
#Pad访问
if ($flag = pad) {
rewrite ^/(.*)$ https://pad.jp.ytrees.com/$1 permanent;
break;
}
#移动端访问
if ($flag = mobile) {
rewrite ^/(.*)$ https://m.jp.ytrees.com/$1 permanent;
break;
}
}
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Real-Port $remote_port;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
server {
listen 443 ssl;
server_name www.jp.ytrees.com jp.ytrees.com;
root /usr/local/nginx/html/dist;
index index.html index.htm;
ssl_certificate /usr/local/nginx/conf/cert/jp.ytrees.com.pem;
ssl_certificate_key /usr/local/nginx/conf/cert/jp.ytrees.com.key;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
charset utf-8;
gzip on;
gzip_buffers 32 4K;
gzip_comp_level 6;
gzip_min_length 100;
gzip_types text/plain application/javascript application/x-javascript text/css
application/xml text/javascript application/x-httpd-php image/jpeg image/gif image/png;
gzip_disable "MSIE [1-6]\.";
gzip_vary on;
if ($host = 'www.jp.ytrees.com' ) {
rewrite ^/(.*)$ https://jp.ytrees.com/$1 permanent;
}
#终端内容访问
set $flag "pc";
set $num 1;
set $hua "${http_user_agent}";
set $iospad "${http_user_agent}";
set $androidpad "${http_user_agent}";
#mobile端访问内容
if ( $http_user_agent ~* "Mobile") {
set $flag "mobile";
}
#ios-pad端访问内容
if ( $iospad ~* "iPad|ipad") {
set $flag "pad";
}
#android-pad端访问内容
if ( $androidpad ~* "Android") {
set $num "${num}2";
}
if ( $hua !~* "Mobile") {
set $num "${num}3";
}
if ( $num = "123") {
set $flag "pad";
}
#指定web容器访问路径
location / {
#Pad访问
if ($flag = pad) {
rewrite ^/(.*)$ https://pad.jp.ytrees.com/$1 permanent;
break;
}
#移动端访问 指定web容器访问路径
if ($flag = mobile) {
rewrite ^/(.*)$ https://m.jp.ytrees.com/$1 permanent;
break;
}
try_files $uri $uri/ /index.html; # 尝试匹配静态文件,否则转发到 index.html
client_max_body_size 70m;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
location /prod-api/{
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header REMOTE-HOST $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# location - proxy_pass:这里的IP配置成Linux服务器的IP地址即可,端口改成后台服务器的端口即可
proxy_pass http://47.74.1.149:8981/; #后台服务的端口
}
}
server {
listen 80;
# 公网ip
server_name www.m.jp.ytrees.com m.jp.ytrees.com;
#终端内容访问
set $flag "pc";
set $num 1;
set $hua "${http_user_agent}";
set $iospad "${http_user_agent}";
set $androidpad "${http_user_agent}";
#mobile端访问内容
if ( $http_user_agent ~* "Mobile") {
set $flag "mobile";
}
#ios-pad端访问内容
if ( $iospad ~* "iPad|ipad") {
set $flag "pad";
}
#android-pad端访问内容
if ( $androidpad ~* "Android") {
set $num "${num}2";
}
if ( $hua !~* "Mobile") {
set $num "${num}3";
}
if ( $num = "123") {
set $flag "pad";
}
#指定web容器访问路径
location / {
#PC访问
if ($flag = pc) {
rewrite ^/(.*)$ https://jp.ytrees.com/$1 permanent;
break;
}
#Pad访问
if ($flag = pad) {
rewrite ^/(.*)$ https://pad.jp.ytrees.com/$1 permanent;
break;
}
#移动端访问
if ($flag = mobile) {
rewrite ^/(.*)$ https://m.jp.ytrees.com/$1 permanent;
break;
}
}
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Real-Port $remote_port;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
server {
listen 443 ssl;
server_name www.m.jp.ytrees.com m.jp.ytrees.com;
root /usr/local/nginx/html/dist;
index index.html index.htm;
ssl_certificate /usr/local/nginx/conf/cert/m.jp.ytrees.com.pem;
ssl_certificate_key /usr/local/nginx/conf/cert/m.jp.ytrees.com.key;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
charset utf-8;
gzip on;
gzip_buffers 32 4K;
gzip_comp_level 6;
gzip_min_length 100;
gzip_types text/plain application/javascript application/x-javascript text/css
application/xml text/javascript application/x-httpd-php image/jpeg image/gif image/png;
gzip_disable "MSIE [1-6]\.";
gzip_vary on;
if ($host = 'www.m.jp.ytrees.com' ) {
rewrite ^/(.*)$ https://m.jp.ytrees.com/$1 permanent;
}
#终端内容访问
set $flag "pc";
set $num 1;
set $hua "${http_user_agent}";
set $iospad "${http_user_agent}";
set $androidpad "${http_user_agent}";
#mobile端访问内容
if ( $http_user_agent ~* "Mobile") {
set $flag "mobile";
}
#ios-pad端访问内容
if ( $iospad ~* "iPad|ipad") {
set $flag "pad";
}
#android-pad端访问内容
if ( $androidpad ~* "Android") {
set $num "${num}2";
}
if ( $hua !~* "Mobile") {
set $num "${num}3";
}
if ( $num = "123") {
set $flag "pad";
}
#指定web容器访问路径
location / {
#PC访问
if ($flag = pc) {
rewrite ^/(.*)$ https://jp.ytrees.com/$1 permanent;
break;
}
#Pad访问
if ($flag = pad) {
rewrite ^/(.*)$ https://pad.jp.ytrees.com/$1 permanent;
break;
}
try_files $uri $uri/ /index.html; # 尝试匹配静态文件,否则转发到 index.html
client_max_body_size 70m;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
location /prod-api/{
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header REMOTE-HOST $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# location - proxy_pass:这里的IP配置成Linux服务器的IP地址即可,端口改成后台服务器的端口即可
proxy_pass http://47.74.1.149:8981/; #后台服务的端口
}
}
server {
listen 80;
# 公网ip
server_name www.pad.jp.ytrees.com pad.jp.ytrees.com;
#终端内容访问
set $flag "pc";
set $num 1;
set $hua "${http_user_agent}";
set $iospad "${http_user_agent}";
set $androidpad "${http_user_agent}";
#mobile端访问内容
if ( $http_user_agent ~* "Mobile") {
set $flag "mobile";
}
#ios-pad端访问内容
if ( $iospad ~* "iPad|ipad") {
set $flag "pad";
}
#android-pad端访问内容
if ( $androidpad ~* "Android") {
set $num "${num}2";
}
if ( $hua !~* "Mobile") {
set $num "${num}3";
}
if ( $num = "123") {
set $flag "pad";
}
#指定web容器访问路径
location / {
#PC访问
if ($flag = pc) {
rewrite ^/(.*)$ https://jp.ytrees.com/$1 permanent;
break;
}
#Pad访问
if ($flag = pad) {
rewrite ^/(.*)$ https://pad.jp.ytrees.com/$1 permanent;
break;
}
#移动端访问
if ($flag = mobile) {
rewrite ^/(.*)$ https://m.jp.ytrees.com/$1 permanent;
break;
}
}
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Real-Port $remote_port;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
server {
listen 443 ssl;
server_name www.pad.jp.ytrees.com pad.jp.ytrees.com;
root /usr/local/nginx/html/dist;
index index.html index.htm;
ssl_certificate /usr/local/nginx/conf/cert/pad.jp.ytrees.com.pem;
ssl_certificate_key /usr/local/nginx/conf/cert/pad.jp.ytrees.com.key;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
charset utf-8;
gzip on;
gzip_buffers 32 4K;
gzip_comp_level 6;
gzip_min_length 100;
gzip_types text/plain application/javascript application/x-javascript text/css
application/xml text/javascript application/x-httpd-php image/jpeg image/gif image/png;
gzip_disable "MSIE [1-6]\.";
gzip_vary on;
if ($host = 'www.pad.jp.ytrees.com' ) {
rewrite ^/(.*)$ https://pad.jp.ytrees.com/$1 permanent;
}
#终端内容访问
set $flag "pc";
set $num 1;
set $hua "${http_user_agent}";
set $iospad "${http_user_agent}";
set $androidpad "${http_user_agent}";
#mobile端访问内容
if ( $http_user_agent ~* "Mobile") {
set $flag "mobile";
}
#ios-pad端访问内容
if ( $iospad ~* "iPad|ipad") {
set $flag "pad";
}
#android-pad端访问内容
if ( $androidpad ~* "Android") {
set $num "${num}2";
}
if ( $hua !~* "Mobile") {
set $num "${num}3";
}
if ( $num = "123") {
set $flag "pad";
}
#指定web容器访问路径
location / {
#PC访问
if ($flag = pc) {
rewrite ^/(.*)$ https://jp.ytrees.com/$1 permanent;
break;
}
#移动端访问 指定web容器访问路径
if ($flag = mobile) {
rewrite ^/(.*)$ https://m.jp.ytrees.com/$1 permanent;
break;
}
try_files $uri $uri/ /index.html; # 尝试匹配静态文件,否则转发到 index.html
client_max_body_size 70m;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
location /prod-api/{
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header REMOTE-HOST $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# location - proxy_pass:这里的IP配置成Linux服务器的IP地址即可,端口改成后台服务器的端口即可
proxy_pass http://47.74.1.149:8981/; #后台服务的端口
}
}
}
12. 修改配置文件增加Http和Https服务后,启动nginx未开启SSL模块的解决办法
问题详情
[root@iZ6webtt8ba5nb7lx0433hZ ~]# /usr/local/nginx/sbin/nginx
nginx: [emerg] the "ssl" parameter requires ngx_http_ssl_module in /usr/local/nginx/conf/nginx.conf:93
解决办法:Nginx开启SSL模块
- 切换到源码包:
cd /home/lowcode/nginx-1.16.1
- 查看nginx原有的模块
/usr/local/nginx/sbin/nginx -V
- 在configure arguments:后面显示的原有的configure参数如下:
--prefix=/usr/local/nginx --with-http_stub_status_module
4.那么新配置信息应该这样写:
./configure --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module
- 运行上面的命令即可,等配置完成后,运行命令
make
注:这里不要进行make install,否则就是覆盖安装
- 备份原有已安装好的nginx
cp /usr/local/nginx/sbin/nginx /usr/local/nginx/sbin/nginx.bak
- 将刚刚编译好的nginx覆盖掉原有的nginx(这个时候nginx要停止状态)
cp ./objs/nginx /usr/local/nginx/sbin/
- 启动nginx,仍可以通过命令查看是否已经加入成功
/usr/local/nginx/sbin/nginx -V
3. jdk1.8
1. 安装:参考链接:CentOS 7 上安装 Java 1.8
2. 传入项目jdk
项目jdk保存位置: /home/lowcode/jdk/lowcode.jar
3. 运行命令
nohup java -jar -Dfile.encoding=utf-8 /home/lowcode/jdk/lowcode.jar > /home/lowcode/jdk/lowcode.log 2>&1 &
4、域名解析及nginx ssl证书文件
注:从阿里云域名解析配置域名指向地址、并下载ssl证书
1、域名商配置域名指向
2、下载ssl证书并配置到nginx配置文件指定位置
5、配置防火墙
1、阿里云云服务器防火墙设置
2、linux防火墙设置
在 CentOS 7 上,您可以使用以下命令来查看防火墙状态和配置,并设置防火墙规则:
-
查看防火墙状态:
sudo systemctl status firewalld
该命令将显示防火墙服务(firewalld)的状态信息,包括是否正在运行。
-
启动防火墙:
sudo systemctl start firewalld
如果防火墙尚未运行,可以使用此命令启动它。
-
停止防火墙:
sudo systemctl stop firewalld
使用此命令可以停止防火墙服务。
-
设置防火墙规则:
防火墙规则管理工具是firewall-cmd
,以下是一些常用的命令示例:-
添加允许的端口(例如,添加 HTTP (80) 和 HTTPS (443) 端口):
sudo firewall-cmd --zone=public --add-port=80/tcp --permanent sudo firewall-cmd --zone=public --add-port=443/tcp --permanent
-
移除允许的端口:
sudo firewall-cmd --zone=public --remove-port=80/tcp --permanent sudo firewall-cmd --zone=public --remove-port=443/tcp --permanent
-
重新加载防火墙规则:
sudo firewall-cmd --reload
这些是一些基本的防火墙命令示例。您可以根据自己的需求使用其他选项和参数来设置更复杂的防火墙规则。
-
如:
6、通过域名访问(即部署成功)
注:文档请以理解为主,可能有些文件路径跟前面提到的文件路径不一致。这是因为笔记做到这个时候,遇到bug,查文档,别人的文件路径与我的不一致。
继续搬砖了,评论看到会回复