Nginx+Tomcat 7 to support SSL(HTTPS)

注意：本文出自 “阿飞”的博客 ，如果要转载本文章，请与作者联系！

并注明来源: http://blog.csdn.net/faye0412/article/details/8632959

要让Nginx+Tomcat7支持SSL，配置可以参考官方的相关文档，比如Tomcat7的：http://tomcat.apache.org/tomcat-7.0-doc/ssl-howto.html

1:: 证书

1）创建保存证书的目录：mkdir -p /usr/local/ssl

2) 生成证书： 

# cd /usr/local/ssl

# openssl genrsa -des3 -out server.key 1024

# openssl req -new -key server.key -out server.csr

# cp server.key server.key.org

# openssl rsa -in server.key.org -out server.key

# openssl rsa -in server.key -out server.pem

# openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

2:: 修改配置文件

1）修改Tomcat7的$TOMCAT7_HOME$/conf/server.xml

<Connector protocol="HTTP/1.1"
           port="8443" maxThreads="2000"
           scheme="https" secure="true" SSLEnabled="true"
           SSLCertificateFile="/usr/local/ssl/kbserver.crt"
           SSLCertificateKeyFile="/usr/local/ssl/kbserver.pem"
           SSLVerifyClient="optional" SSLProtocol="TLSv1"/>

2）修改Nginx的配置文件$NGINX_HOME$nginx.conf

server {
listen      443;
server_name  localhost:8443;
ssl                  on;
ssl_certificateserver.crt;
ssl_certificate_key  server.key;
ssl_session_timeout  5m;

location / {
proxy_pass https://localhost:8443;
proxy_set_header Host $host:443;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Via "nginx";
}
}

3:: 重启Nginx和Tomcat7服务

4:: 参考

http://blog.nicknett.com/2011/09/configuring-tomcat-7-to-support-ssl.html