如果用nginx做反向代理, 那之前在tomcat上设置的https也就不用配置了。首先购买ssl证书,腾讯、阿里等各大厂商都有,也可以申请免费的,具体流程各大厂商的文档都有说明。也可以用生成器生成免费的。都能找到文档,这里不做解释,直接上配置。博主用的是centos7.3系统。
证书分apache、tomcat、nginx等几种,将nginx目录下的".crt"文件和".key"文件复制到"/etc/nginx"目录下:
#下面是前端页面nginx
# Upstream group for the front-end site, with the default port 80 written out.
# NOTE(review): no proxy_pass in the visible configuration refers to this
# group; confirm it is still needed.
upstream nginx.cn {
    server 127.0.0.1:80;
}
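# HTTPS virtual host that serves the static front-end pages.
server {
    # Enable TLS on the listener itself. The older "ssl on;" directive is
    # deprecated and was removed in nginx 1.25.1; without "ssl" here this host
    # only speaks TLS when another server block on the same address:port
    # happens to enable it.
    listen 443 ssl;
    # Domain name the certificate is bound to (placeholder).
    server_name www.XXXXXX.com;
    # Site document root. For reference only; use the real directory.
    root /usr/share/nginx/html;
    index index.html index.htm;

    # Certificate chain and private key. Relative names are resolved against
    # the nginx configuration directory. Keep the key file readable by root
    # only.
    ssl_certificate 1_eohicloud.com_bundle.crt;
    ssl_certificate_key 2_eohicloud.com.key;
    ssl_session_timeout 5m;

    # TLS 1.0 and 1.1 are deprecated (RFC 8996), so only TLS 1.2 is offered.
    # Append TLSv1.3 once nginx >= 1.13.0 is built against OpenSSL >= 1.1.1.
    ssl_protocols TLSv1.2;
    # Same preference list as before with 3DES excluded: older OpenSSL
    # releases still include it in HIGH (SWEET32).
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4:!3DES;
    ssl_prefer_server_ciphers on;

    location / {
        index index.html index.htm;
    }
}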
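# Plain-HTTP listener whose only job is to send clients to HTTPS.
server {
    listen 80;
    # Domain name the certificate is bound to (placeholder).
    server_name www.XXXXX.com;

    # Permanent (301) redirect of every http:// request to the same host and
    # URI over https://. "return" with $request_uri passes the client's
    # original path and query string through unchanged and avoids evaluating a
    # regex on each request.
    # NOTE(review): this is the only port-80 server block shown, so it also
    # answers requests for other Host values and $host copies them into the
    # Location header. If only known names should be redirected, list them in
    # server_name and add a separate catch-all default_server that rejects the
    # rest.
    return 301 https://$host$request_uri;
}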
#如果项目用到了ws协议下面是wss配置
#下面是img
# Upstream group for the image service: one local backend on port 8822.
upstream img.cn {
    server 127.0.0.1:8822;
}
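# HTTPS virtual host for the image service. TLS is terminated here and
# requests, including WebSocket (wss) upgrades, are proxied to the img.cn
# upstream over plain HTTP on the loopback interface.
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name img.XXXXX.com;
    root /usr/share/nginx/html;

    # Certificate chain and private key. Relative names are resolved against
    # the nginx configuration directory. Keep the key file readable by root
    # only.
    ssl_certificate "1_eohicloud.com_bundle.crt";
    ssl_certificate_key "2_eohicloud.com.key";
    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout 10m;

    # Pin the protocol list instead of relying on the version-dependent
    # default, which still enables TLS 1.0/1.1 on older nginx releases.
    # Append TLSv1.3 once nginx >= 1.13.0 is built against OpenSSL >= 1.1.1.
    ssl_protocols TLSv1.2;
    # 3DES is excluded explicitly: older OpenSSL releases still include it
    # in HIGH (SWEET32).
    ssl_ciphers HIGH:!aNULL:!MD5:!3DES;
    ssl_prefer_server_ciphers on;

    include /etc/nginx/default.d/*.conf;

    location / {
        proxy_pass http://img.cn/;
        # The WebSocket handshake needs HTTP/1.1 towards the backend; on nginx
        # versions where proxied requests default to HTTP/1.0 the Upgrade
        # headers below have no effect without this line.
        proxy_http_version 1.1;
        # NOTE(review): $http_host forwards the client-supplied Host header
        # verbatim; confirm the backend does not trust it for URL generation.
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # WebSocket (wss) support. "upgrade" is sent on every proxied request;
        # a map on $http_upgrade in the http context can limit it to real
        # upgrade requests.
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }

    # The location now matches the URI named by error_page. The original
    # "/40x.html" location never matched "/404.html", so the error page
    # request fell through to "location /" and was proxied to the backend.
    error_page 404 /404.html;
    location = /404.html {
    }

    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
    }
}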