https 证书配置

https://help.aliyun.com/document_detail/28548.html?spm=a2c4g.11186623.6.556.836f62aakrS03T
https://help.aliyun.com/document_detail/28550.html?spm=a2c4g.11186623.4.2.6ba76e7b4nrrD9

nginx + tomcat配置https的两种方法

nginx ssl配置



#配置跨域

            add_header Access-Control-Allow-Origin http://8888.com;
            add_header Access-Control-Allow-Headers X-Requested-With;
            add_header Access-Control-Allow-Methods GET,POST,OPTIONS;




# 需要手动将ssl证书放入/usr/local/nginx/conf/cert/目录下,分别为cert.crt和cert.key文件
    server {
        listen 80;
        server_name www.server.com;
        return 301 https://$server_name$request_uri;
    }  

    server {
        listen 443 ssl;
        server_name www.xxx.cn xxx.cn;
        ssl_certificate cert/cert.crt;
        ssl_certificate_key cert/cert.key;
        ssl_session_cache shared:SSL:1m;
        ssl_session_timeout 5m;
        ssl_ciphers HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers on;
        location / {
            root /usr/local/tomcat/webapps/ROOT;
            index index.html index.jsp index.htm;
        }
        location ~ .*.(jsp|servlet)$ {
            index index.html index.jsp index.htm;
            proxy_pass https://127.0.0.1:8443;
        }
        location /nginxstatus {
            stub_status on;
            access_log on;
            auth_basic "nginxstatus";
            auth_basic_user_file /usr/local/nagois/etc/htpasswd.users;
        }
        error_page 400 404 414 500 502 503 504 /Error.html;
    }

---
include myconf/*.conf;

# https.conf

server {
    listen 443;
    server_name localhost;
    ssl on;
    ssl_certificate   cert/a.pem;
    ssl_certificate_key  cert/a.key;
    ssl_session_timeout 5m;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;

    root html;
    index index.html index.htm;

    location / {
        root html;
        index index.html index.htm;
    }
}


nginx支持http 和https共存

Nginx的https配置记录以及http强制跳转到https的方法梳理
开启全站HTTPS时代-Nginx SSL+tomcat集群
https://yq.aliyun.com/articles/532398?spm=5176.10695662.1996646101.searchclickresult.3a905c74o6RKer

https://yq.aliyun.com/articles/44970?spm=5176.10695662.1996646101.searchclickresult.3a905c74o6RKer

https://yq.aliyun.com/articles/532398?spm=5176.10695662.1996646101.searchclickresult.3a905c74o6RKer
https://yq.aliyun.com/articles/549192?spm=5176.10695662.1996646101.searchclickresult.3a905c74o6RKer

https://common-buy.aliyun.com/?spm=5176.2020520163.cas.1.zTLyhO&commodityCode=cas#/buy

https://www.cnblogs.com/lxf1117/p/6650647.html

tomcat ssl证书 PFX格式证书 配置

#Tomcat安装目录下新建cert目录,将下载的证书和密码文件拷贝到cert目录下
#Tomcat > conf > server.xml文件




----
#编辑Tomcat配置文件,强制使用https
/usr/local/tomcat/conf/web.xml


在最后的后面加上下面的代码
      
        CLIENT-CERT  
        Client Cert Users-only Area  
      
      
          
            SSL  
            /*  
          
          
            CONFIDENTIAL  
          
    


-----------
        proxy_set_header        Host $host;
        proxy_set_header        X-Real-IP $remote_addr;
        proxy_set_header       X-Forwarded-For $proxy_add_x_forwarded_for; 
        proxy_set_header       X-Forwarded-Proto  $scheme;  
        proxy_set_header       X-Forwarded--Proto https;
        proxy_set_header      X-Forwarded-Scheme  https;



        proxy_set_header        X-Real-IP           $remote_addr;
        proxy_set_header        X-Forwarded-For     $proxy_add_x_forwarded_for;
        proxy_set_header        X-Forwarded-Proto   $scheme;
        proxy_set_header        X-Forwarded-Scheme  https;




#配置Tomcat server.xml 的 Engine 模块下配置一个 Value
     



        


          

   

---



implements HandlerInterceptor {
    
    @Override
    public void afterCompletion(HttpServletRequest arg0,
                                HttpServletResponse response, Object arg2, Exception arg3)
            throws Exception {
    }

    @Override
    public void postHandle(HttpServletRequest request, HttpServletResponse arg1,
                           Object arg2, ModelAndView arg3) throws Exception {
    }

    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response,
                             Object arg2) throws Exception {
        String path = request.getContextPath();
        String basePath = request.getScheme() + "://" + request.getServerName() + ":" + request.getServerPort() + path + "/";

        request.setCharacterEncoding("UTF-8");
        request.setAttribute("basePath", basePath);
        request.setAttribute("staticPath", ClientConstants.ALIBABA_PATH);
        return true;
    }

}

https://www.cnblogs.com/interdrp/p/4881785.html
https://blog.51cto.com/784687488/1828908
https://my.oschina.net/bozhi/blog/1922201
http://blog.sina.com.cn/s/blog_56d8ea900101hlhv.html
request.getScheme()获取不到https的问题记录

Nginx + Tomcat + HTTPS+负载均衡

https://help.aliyun.com/document_detail/98576.html?spm=a2c4g.11186623.6.569.119515a11X0ido
https://help.aliyun.com/document_detail/98727.html?spm=a2c4g.11186623.6.571.490120c697DMmQ

你可能感兴趣的:(https 证书配置)