nginx+tomcat+https部署记录

1.环境说明

win7 64位系统
nginx-1.9.4
apache-tomcat-7.0.63

2.openssl生成证书

#key的生成 
openssl genrsa -des3 -out server.key 2048 
#生成没有密码的key
openssl rsa -in server.key -out server.key
#生成CA的crt
openssl req -new -x509 -key server.key -out server.crt -days 3650 

3.修改配置

nginx.conf

    upstream tomcat {
        server 127.0.0.1:8080 fail_timeout=0;
    }

    # HTTPS server
    server {
        listen       443 ssl;
        server_name  localhost;

        ssl_certificate      E:\wcp-web\server.crt;
        ssl_certificate_key  E:\wcp-web\server.key;

        ssl_session_cache    shared:SSL:1m;
        ssl_session_timeout  5m;


        location / {
            root   html;
            index  index.html index.htm;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header Host $http_host;
            proxy_set_header X-Forwarded-Proto https;
            proxy_redirect off;
            proxy_connect_timeout      240;
            proxy_send_timeout         240;
            proxy_read_timeout         240;
            # note, there is not SSL here! plain HTTP is used
            proxy_pass http://tomcat;
        }
    }

tomcat，server.xml

4.启动

启动tomcat
    startup.bat
启动Nginx
    cmd
    cd D:\nginx-1.9.4
    D:\nginx-1.9.4>nginx
停止Nginx
    D:\nginx-1.9.4>nginx -s stop

5.访问

https://localhost/

6.备注

windows下 nginx 配置ssl的key是不能存储密码的，否则启动时会提示输入密码 
输入后也启动不起来，会报错： 
2011/04/18 09:49:09 [alert] 1992#4548: the event "ngx_master_1992" was 
not signaled for 5s 

解决方案是将密码刨掉，用法： 
openssl rsa -in server.key -out server.key