(https)nginx - tomcat(http)
Posted
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了(https)nginx - tomcat(http)相关的知识,希望对你有一定的参考价值。
实验拓扑
Nginx服务端进行配置
Nginx安装ssl模块
[[email protected] nginx-1.8.0]# ./configure --with-http_ssl_module --with-pcre=/usr/local/src/pcre-8.37 [[email protected] nginx-1.8.0]# make [[email protected] nginx-1.8.0]# make install [[email protected]uegod175 nginx-1.8.0]# cd /usr/local/nginx/conf/
Openssl 加密
[[email protected] conf]# openssl genrsa -des3 -out server.key 1024 Generating RSA private key, 1024 bit long modulus ..................................++++++ ..........................................................++++++ e is 65537 (0x10001) Enter pass phrase for server.key: Verifying - Enter pass phrase for server.key: [[email protected] conf]# openssl req -new -key server.key -out server.csr Enter pass phrase for server.key: You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter ‘.‘, the field will be left blank. Country Name (2 letter code) [XX]:CN State or Province Name (full name) []:BEIJING Locality Name (eg, city) [Default City]:BEIJING Organization Name (eg, company) [Default Company Ltd]:GNNT Organizational Unit Name (eg, section) []:xuegod175.cn Common Name (eg, your name or your server‘s hostname) []:xuegod175.cn Email Address []:[email protected] Please enter the following ‘extra‘ attributes to be sent with your certificate request A challenge password []:123456 An optional company name []:GNNT [[email protected] conf]# openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt Signature ok subject=/C=CN/ST=BEIJING/L=BEIJING/O=GNNT/OU=xuegod175.cn/CN=xuegod175.cn/[email protected] Getting Private key Enter pass phrase for server.key:
Nginx 服务器进行配置
[[email protected] conf]# egrep -v "#|^$" nginx.conf >nginx.conf.bak [[email protected] conf]# cp nginx.conf.bak nginx.conf cp: overwrite `nginx.conf‘? yes [[email protected] conf]# cat nginx.conf user nginx nginx; worker_processes 1; events { worker_connections 1024; } http { include mime.types; default_type application/octet-stream; sendfile on; keepalive_timeout 65; server { listen 443 ssl; server_name xuegod175.cn;#域名 ssl_certificate /usr/local/nginx/conf/server.crt;#证书路径 ssl_certificate_key /usr/local/nginx/conf/server.key;#key路径 ssl_session_cache shared:SSL:1m; #s储存SSL会话的缓存类型和大小 ssl_session_timeout 5m; #会话过期时间 ssl_ciphers HIGH:!aNULL:!MD5; #为建立安全连接,服务器所允许的密码格式列表 ssl_prefer_server_ciphers on; #依赖SSLv3和TLSv1协议的服务器密码将优先于客户端密码 location / { root html; index index.html index.htm index.php; } error_page 500 502 503 504 /50x.html; location = /50x.html { root html; } } } [[email protected] conf]# /usr/local/nginx/sbin/nginx -s reload Enter PEM pass phrase:123456
通过浏览进行访问测试
安装tomcat
配置jdk
Jdk的下载地址http://www.oracle.com/technetwork/java/javase/downloads/index.html Tomcat的下载地址http://tomcat.apache.org/ [[email protected]~]# rpm -ivh jdk-8u60-linux-x64.rpm [[email protected]~]# vim /etc/profile //修改变量 export JAVA_HOME=/usr/java/jdk1.8.0_60/ # JAVA_HOME变两个路径 export JAVA_BIN=/usr/java/jdk1.8.0_60/bin export PATH=${JAVA_HOME}bin:$PATH # 环境变量 export CLASSPATH=.:${JAVA_HOME}/lib/dt.jar:${JAVA_HOME}/lib/tools.jar # 定义两个 类 [[email protected]~]# source /etc/profile //加载环境变量使其立即生效 [[email protected]~]#java -version [[email protected]~]#java version "1.8.0_60" Java(TM) SE Runtime Environment (build 1.8.0_60-b27) Java HotSpot(TM) 64-Bit Server VM (build 25.60-b23, mixed mode)
安装tomcat
[[email protected]~]# tar xvf apache-tomcat-8.0.26.tar.gz -C /usr/local/ [[email protected]~]# cd /usr/local/apache-tomcat-8.0.26/ [[email protected] local]# mv apache-tomcat-8.0.26/ tomcat/ 为了方便启动 [[email protected] ~]# chmod -R 755 /etc/init.d/tomcat 赋予权限 [[email protected]~]# vim /etc/init.d/tomcat #!/bin/bash # Tomcat init script for Linux # chkconfig: 2345 96 14 # discription: The Apache Tomcat Server/JSP container JAVA_OPTS=‘-server -Xms64m -Xmx128m‘ JAVA_HOME=/usr/java/jdk1.8.0_60 CATALINA_HOME=/usr/local/tomcat $CATALINA_HOME/bin/catalina.sh $* [[email protected]~]# chkconfig --add tomcat [[email protected]~]# chkconfig tomcat on [[email protected]~]# netstat -antup | grep 8080 //查看是否启动 tcp 0 0:::8080 :::* LISTEN 3154/java
测试Tomcat
浏览进行访问http://192.168.32.48:8080/
配置实验
为了达到实验要求 对nginx.conf进行调整:
[[email protected] ~]# cat /usr/local/nginx/conf/nginx.conf user nginx nginx; worker_processes 1; events { worker_connections 1024; } http { include mime.types; default_type application/octet-stream; sendfile on; keepalive_timeout 65; server { listen 443 ssl; server_name xuegod175.cn;#域名 ssl_certificate /usr/local/nginx/conf/server.crt;#证书路径 ssl_certificate_key /usr/local/nginx/conf/server.key;#key路径 ssl_session_cache shared:SSL:1m; #s储存SSL会话的缓存类型和大小 ssl_session_timeout 5m; #会话过期时间 ssl_ciphers HIGH:!aNULL:!MD5; #为建立安全连接,服务器所允许的密码格式列表 location / { root html; index index.html index.htm; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_pass http://192.168.42.176; proxy_redirect default; } } } [[email protected] ~]# /usr/local/nginx/sbin/nginx -s reload Enter PEM pass phrase:
访问进行测试
注意:在访问测试之前 需要重启nginx 还有删除掉浏览器的缓存记录(不然很容易入坑。。。)成功的访问到了192.168.42.176的界面 实验已经成功。
本文出自 “天真无邪” 博客,转载请与作者联系!
以上是关于(https)nginx - tomcat(http)的主要内容,如果未能解决你的问题,请参考以下文章
配置nginx + https + tomcat/ nginx + https + jar/ nginx + https + tomcat + war