• Configuring HTTPS for Nginx and Tomcat


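    I. Configuring HTTPS for Nginx and Tomcat

      Prerequisite: you have already obtained a certificate issued by a CA.

      I. Merge the certificates

      1. Assume the certificate files are as follows

      The private key file server.key, and the certificates CACertificate-INTERMEDIATE-1.crt, CACertificate-ROOT-2.crt and ServerCertificate.crt

      2. Merge the certificates with the cat command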

    cd /application/nginx/ssl
    # Append in chain order: server certificate first, then intermediate, then root
    cat CACertificate-INTERMEDIATE-1.crt >> ServerCertificate.crt
    cat CACertificate-ROOT-2.crt >> ServerCertificate.crt
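
A check for the merged file from step 2, as an added example that is not part of the original article: it flags the two usual failure modes of merging with `cat >>` (a missing trailing newline that fuses two PEM markers onto one line, and certificates duplicated by running the append twice). `check_bundle` and `fake_cert` are hypothetical helper names, and the sample certificates are constructed placeholders, not real certificates.

```shell
#!/bin/sh
# check_bundle FILE [EXPECTED_COUNT]: sanity-check a PEM bundle built with `cat >>`.
# Prints one line per problem; returns 0 when clean, 1 otherwise.
check_bundle() {
    awk -v want="${2:-3}" '
    function close_cert() {
        n++
        if (body in seen) { printf "certificate %d duplicates certificate %d\n", n, seen[body]; bad = 1 }
        else seen[body] = n
        body = ""; inside = 0
    }
    { sub(/\r$/, "") }                       # tolerate CRLF line endings
    /-----END CERTIFICATE----- *-----BEGIN CERTIFICATE-----/ {
        # Happens when the first file had no trailing newline before the append.
        printf "line %d: END and BEGIN markers share a line\n", NR; bad = 1
        if (inside) close_cert()
        inside = 1; next
    }
    $0 == "-----BEGIN CERTIFICATE-----" {
        if (inside) { printf "line %d: BEGIN inside an open certificate\n", NR; bad = 1 }
        inside = 1; body = ""; next
    }
    $0 == "-----END CERTIFICATE-----" {
        if (inside) close_cert()
        else { printf "line %d: END without BEGIN\n", NR; bad = 1 }
        next
    }
    inside { body = body $0 }
    END {
        if (inside) { print "last certificate has no END marker"; bad = 1 }
        if (n != want) { printf "expected %d certificates, found %d\n", want, n; bad = 1 }
        exit bad + 0
    }' "$1"
}

# Constructed stand-in for a PEM certificate; the body is a label, not real DER.
fake_cert() {
    printf '%s\n' '-----BEGIN CERTIFICATE-----' "Q09OU1RSVUNURUQt$1" '-----END CERTIFICATE-----'
}

# Demo: repeat the merge from step 2 on constructed files in a scratch directory.
demo_dir=$(mktemp -d)
fake_cert U0VSVkVS > "$demo_dir/ServerCertificate.crt"
fake_cert SU5URVJN > "$demo_dir/CACertificate-INTERMEDIATE-1.crt"
fake_cert Uk9PVA== > "$demo_dir/CACertificate-ROOT-2.crt"
cat "$demo_dir/CACertificate-INTERMEDIATE-1.crt" >> "$demo_dir/ServerCertificate.crt"
cat "$demo_dir/CACertificate-ROOT-2.crt" >> "$demo_dir/ServerCertificate.crt"
check_bundle "$demo_dir/ServerCertificate.crt" && echo "bundle OK"
rm -rf "$demo_dir"
```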

      II. Nginx reverse proxy with the certificate

      /application/nginx/conf/vhost/oil_price_applet.conf

    upstream oilprice.test {
        server    localhost:8443;
    }
    server {
        listen       443 ssl;    # the ssl parameter replaces the obsolete "ssl on;" directive
        server_name  oilprice.test.com;
        root   /www/html/oil_price_applet;
        access_log  logs/access.log  main;
        ssl_certificate      /application/nginx/ssl/ServerCertificate.crt;
        ssl_certificate_key  /application/nginx/ssl/server.key;
        ssl_session_timeout  5m;
    
        location / {
            root   /www/html/oil_price_applet;
            index  index.html index.htm index.php;
            proxy_pass  https://oilprice.test;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header REMOTE-HOST $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            client_max_body_size 1000m;
            client_body_buffer_size 1024k;
            proxy_connect_timeout 90;
            proxy_send_timeout 90;
            proxy_read_timeout 90;
            proxy_buffer_size 1024k;
            proxy_buffers 4 1024k;
            proxy_busy_buffers_size 1024k;
            proxy_temp_file_write_size 1024k;
            proxy_max_temp_file_size 128m;
        }
        # Escape the dot: unescaped, this regex matches every URI and overrides "location /"
        location ~ .*\.(php|php5)?$ {
            root   /www/html/oil_price_applet;
            fastcgi_pass  127.0.0.1:9000;
            fastcgi_index  index.php;
            include  fastcgi.conf;
        }
    }

      III. Configure HTTPS in Tomcat: generate the keystore

      Important: remember the password you set.

      1. Convert the x509 certificate and private key to a pkcs12 (.p12) file

    openssl pkcs12 -export -in ServerCertificate.crt -inkey server.key \
                   -out server.p12 -name some-alias

      2. Convert the pkcs12 file to a Java keystore

    keytool -importkeystore \
            -deststorepass Ctb+wZs1 -destkeypass Ctb+wZs1 -destkeystore server.keystore \
            -srckeystore server.p12 -srcstoretype PKCS12 -srcstorepass Ctb+wZs1 \
            -alias some-alias

      3. Configure Tomcat

        <Connector port="8443"
                    protocol="org.apache.coyote.http11.Http11NioProtocol"
                    SSLEnabled="true"
                    scheme="https"
                    secure="true"
                    keystoreFile="/application/nginx/ssl/server.keystore"
                    keystorePass="Ctb+wZs1"
                    sslProtocol="TLS"
                    URIEncoding="utf-8" />

      4. Restart Tomcat for the change to take effect

  • Original article: https://www.cnblogs.com/happy-king/p/9193422.html