NginxTomcat配置https
Posted 思维无界限
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了NginxTomcat配置https相关的知识,希望对你有一定的参考价值。
一、nginx、Tomcat配置https
前提就是已经得到了CA机构颁发的证书
一、合并证书
1、假设证书文件如下
秘钥文件server.key,证书CACertificate-INTERMEDIATE-1.crt、CACertificate-ROOT-2.crt和ServerCertificate.crt
2、使用cat命令合并证书
cd /application/nginx/ssl
cat CACertificate-INTERMEDIATE-1.crt>>ServerCertificate.crt cat CACertificate-ROOT-2.crt>>ServerCertificate.crt
二、nginx反向代理证书
/application/nginx/conf/vhost/oil_price_applet.conf
upstream oilprice.test { server localhost:8443; } server { listen 443; server_name oilprice.test.com; root /www/html/oil_price_applet; access_log logs/access.log main; ssl on; ssl_certificate /application/nginx/ssl/ServerCertificate.crt; ssl_certificate_key /application/nginx/ssl/server.key; ssl_session_timeout 5m; location / { root /www/html/oil_price_applet; index index.html index.htm index.php; proxy_pass https://oilprice.test; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header REMOTE-HOST $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; client_max_body_size 1000m; client_body_buffer_size 1024k; proxy_connect_timeout 90; proxy_send_timeout 90; proxy_read_timeout 90; proxy_buffer_size 1024k; proxy_buffers 4 1024k; proxy_busy_buffers_size 1024k; proxy_temp_file_write_size 1024k; proxy_max_temp_file_size 128m; } location ~.*.(php|php5)?$ { root /www/html/oil_price_applet; fastcgi_pass 127.0.0.1:9000; fastcgi_index index.php; include fastcgi.conf; } }
三、在Tomcat下配置https生成keystore
切记:设置的密码
1、Convert x509 Cert and Key to a pkcs12 file(将证书和私钥转换为p12格式的证书)
openssl pkcs12 -export -in ServerCertificate.crt -inkey server.key -out server.p12 -name some-alias
2、 Convert the pkcs12 file to a java keystore (将pkcs12格式的证书转换成java keystore)
keytool -importkeystore -deststorepass Ctb+wZs1 -destkeypass Ctb+wZs1 -destkeystore server.keystore -srckeystore server.p12 -srcstoretype PKCS12 -srcstorepass Ctb+wZs1 -alias some-alias
3、配置Tomcat
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" SSLEnabled="true" scheme="https" secure="true" keystoreFile="/application/nginx/ssl/server.keystore" keystorePass="Ctb+wZs1" sslProtocol="TLS" URIEncoding="utf-8" />
4、重启Tomcat生效
以上是关于NginxTomcat配置https的主要内容,如果未能解决你的问题,请参考以下文章