
Using nginx with SSL to proxy Tomcat

I. Configure Tomcat

  1. Generate a private key

  2. Self-sign a certificate with the private key

  3. Configure Tomcat's HTTPS connector by editing server.xml; the connector below is configured for APR mode

  <Connector port="8443" SSLEnabled="true"
             protocol="org.apache.coyote.http11.Http11AprProtocol"
             SSLCertificateFile="/home/hxtest/tomcat6/conf/ssl/tomcatca.pem"
             SSLCertificateKeyFile="/home/hxtest/tomcat6/conf/ssl/tomcatkey.pem"
             maxThreads="500" scheme="https" secure="true"
             sslProtocol="TLSv1+TLSv1.1+TLSv1.2"
             SSLVerifyClient="optional" />

II. Configure nginx

 1. Generate a private key

     openssl genrsa -des3 -out ssl.key 1024

 2. Create a certificate signing request (CSR)

     openssl req -new -key ssl.key -out ssl.csr

 3. Remove the passphrase so that nginx does not prompt for it every time it starts with SSL

     cp ssl.key ssl.key.org

     openssl rsa -in ssl.key.org -out ssl.key

 4. Sign the certificate with the private key and the CSR just generated

     openssl x509 -req -days 365 -in ssl.csr -signkey ssl.key -out ssl.crt

 5. Add the private key and certificate to nginx.conf

     ssl_certificate      /etc/nginx/ssl/ssl.crt;

     ssl_certificate_key  /etc/nginx/ssl/ssl.key;
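The key and certificate steps of section I (Tomcat) and section II (nginx) are the same procedure, so here is one script that covers both. It is an added example and not part of the original post. It assumes `openssl` is on PATH; the directory and file names are this example's own choices. It differs from the post in two places: the key is generated unencrypted in one step (which makes the copy-and-strip-passphrase step unnecessary) and at 2048 bits rather than 1024. It also adds the check the post leaves out, that the key and certificate actually belong together, which both `ssl_certificate_key` and `SSLCertificateKeyFile` require.

```shell
#!/bin/sh
# Added example, not from the original post: one script for the key/certificate
# steps of both section I (Tomcat) and section II (nginx), plus the check that
# the pair actually matches. Assumes: openssl on PATH. Directory and file names
# below are this example's own choices.
set -eu

# make_selfsigned DIR NAME CN
#   Writes DIR/NAME.key (unencrypted RSA-2048) and DIR/NAME.crt (self-signed,
#   365 days). -nodes makes the post's "genrsa -des3, copy, strip passphrase"
#   sequence unnecessary, and 2048 bits replaces the post's 1024.
make_selfsigned() {
    dir=$1; name=$2; cn=$3
    mkdir -p "$dir"
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
        -subj "/CN=$cn" \
        -keyout "$dir/$name.key" -out "$dir/$name.crt" 2>/dev/null
    chmod 600 "$dir/$name.key"   # the unencrypted key is now the only secret
}

# key_matches_cert KEY CRT
#   Succeeds only when CRT carries the public key derived from KEY. Run this
#   before pointing ssl_certificate_key / SSLCertificateKeyFile at a file:
#   a mismatched pair makes nginx refuse to start and Tomcat fail handshakes.
#   Both commands emit the public key as PEM SubjectPublicKeyInfo, so the
#   text can be compared directly.
key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -pubkey -noout 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# cert_valid_for CRT SECONDS
#   Succeeds when CRT is still valid SECONDS from now. Self-signed certificates
#   expire just as silently as purchased ones, so run this from cron.
cert_valid_for() {
    openssl x509 -in "$1" -noout -checkend "$2" >/dev/null
}

# Usage: sh thisscript.sh demo
if [ "${1:-}" = "demo" ]; then
    make_selfsigned /tmp/ssl-demo tomcat 192.168.100.2
    key_matches_cert /tmp/ssl-demo/tomcat.key /tmp/ssl-demo/tomcat.crt \
        && echo "key and certificate match"
    cert_valid_for /tmp/ssl-demo/tomcat.crt $((30 * 86400)) \
        && echo "certificate valid for at least 30 more days"
fi
```

The Tomcat connector in section I takes PEM files, so the `.key` and `.crt` produced here can be referenced directly as `SSLCertificateKeyFile` and `SSLCertificateFile`; for nginx they go into `ssl_certificate_key` and `ssl_certificate`. Because the key is stored without a passphrase, the `chmod 600` is what stands between it and every other account on the host.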

III. Configure nginx to proxy Tomcat over HTTPS.

    # HTTPS server
    #
    server {
        listen       443 ssl;   # 'ssl on;' was removed in nginx 1.25; enable TLS on the listen directive instead
        server_name  192.168.100.2;   # IP address of this nginx host

    ### SSL log files ###
        access_log      /var/log/nginx/ssl-access.log;
        error_log       /var/log/nginx/ssl-error.log;

    ### SSL cert files ###
        ssl_certificate      /etc/nginx/ssl/ssl.crt;
        ssl_certificate_key  /etc/nginx/ssl/ssl.key;

    ###  Limiting Ciphers ########################
        ssl_session_cache    shared:SSL:10m;
        ssl_session_timeout  5m;

    # Intermediate configuration. tweak to your needs.
#       ssl_protocols TLSv1.1 TLSv1.2;
        ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-RC4-SHA:!ECDHE-RSA-RC4-SHA:ECDH-ECDSA-RC4-SHA:ECDH-RSA-RC4-SHA:ECDHE-RSA-AES256-SHA:!RC4-SHA:HIGH:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!CBC:!EDH:!kEDH:!PSK:!SRP:!kECDH;
        ssl_prefer_server_ciphers  on;
#       ssl_ecdh_curve secp384r1;
#       ssl_session_tickets off;
#       ssl_stapling on;
#       ssl_stapling_verify on;
#       ssl_dhparam /usr/local/nginx/conf/ssl/dhparam.pem;

        add_header Strict-Transport-Security max-age=31536000;
        add_header X-Frame-Options DENY;
        add_header X-Content-Type-Options nosniff;   # the value must be exactly "nosniff"; anything else is ignored by browsers

    ##############################################
    ### We want full access to SSL via backend ###
        location / {
    #       root   html;
            index  index.html index.htm index.php;
#           proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
            proxy_set_header        Host            $host;
            proxy_set_header        X-Real-IP       $remote_addr;
            proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
#           proxy_set_header        X-Forwarded-Proto $scheme;
#           add_header              Front-End-Https   on;
#           proxy_redirect     off;
            # Assumed upstream: the Tomcat HTTPS connector from section I (port 8443); adjust the host to where Tomcat runs
            proxy_pass https://127.0.0.1:8443;
        }
    }
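A small static check for a server block like the one above, added here as an example and not taken from the original post. It is meant to run before `nginx -t` and flags the things a config copied from a blog post commonly gets wrong: a `location` with no `proxy_pass`, a misspelt `X-Content-Type-Options` value, the removed `ssl on;` directive, no `ssl_protocols` line, or one that still allows SSLv3 or TLS 1.0/1.1. The two sample configs it writes are constructed for this example; the Tomcat address in the fixed one is an assumption.

```shell
#!/bin/sh
# Added example, not from the original post: a static check for a server block
# like the one above, to run before `nginx -t`. It reports the mistakes a
# config copied from a blog post commonly carries. Both sample configs are
# constructed for this example; the Tomcat address in the fixed one is assumed.
set -eu

# has REGEX : true when the active (non-comment) part of the config matches
has() {
    printf '%s\n' "$active" | grep -Eq "$1"
}

# check_nginx_ssl_conf FILE
#   Prints each finding to stderr and the number of findings to stdout.
check_nginx_ssl_conf() {
    active=$(sed 's/#.*$//' "$1")   # drop comments so commented-out lines do not count
    n=0
    if ! has 'proxy_pass'; then
        echo "no proxy_pass: the location block forwards nothing to Tomcat" >&2; n=$((n+1))
    fi
    if ! has 'ssl_protocols'; then
        echo "ssl_protocols not set: the nginx build default chooses the TLS versions" >&2; n=$((n+1))
    fi
    if has 'ssl_protocols[^;]*(SSLv[23]|TLSv1(\.1)?[ ;])'; then
        echo "ssl_protocols allows SSLv3, TLS 1.0 or TLS 1.1" >&2; n=$((n+1))
    fi
    if has '(^|[ 	])ssl +on;'; then
        echo "'ssl on;' was removed in nginx 1.25: use 'listen 443 ssl;'" >&2; n=$((n+1))
    fi
    if has 'X-Content-Type-Options' && ! has 'X-Content-Type-Options +nosniff'; then
        echo "X-Content-Type-Options value is not 'nosniff', so browsers ignore it" >&2; n=$((n+1))
    fi
    if ! has 'Strict-Transport-Security'; then
        echo "no Strict-Transport-Security header" >&2; n=$((n+1))
    fi
    echo "$n"
}

# write_samples DIR : writes the two constructed configs used by the demo and test
write_samples() {
    cat > "$1/as-posted.conf" <<'EOF'
server {
    listen       443;
    ssl on;
    ssl_certificate      /etc/nginx/ssl/ssl.crt;
    ssl_certificate_key  /etc/nginx/ssl/ssl.key;
#   ssl_protocols TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    add_header Strict-Transport-Security max-age=31536000;
    add_header X-Frame-Options DENY;
    add_header X-Content-Type-Options nonsniff;
    location / {
        proxy_set_header Host            $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}
EOF
    cat > "$1/fixed.conf" <<'EOF'
server {
    listen       443 ssl;
    ssl_certificate      /etc/nginx/ssl/ssl.crt;
    ssl_certificate_key  /etc/nginx/ssl/ssl.key;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    add_header Strict-Transport-Security max-age=31536000;
    add_header X-Frame-Options DENY;
    add_header X-Content-Type-Options nosniff;
    location / {
        proxy_set_header Host            $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass https://127.0.0.1:8443;   # assumed Tomcat HTTPS connector
    }
}
EOF
}

# Usage: sh thisscript.sh demo
if [ "${1:-}" = "demo" ]; then
    d=$(mktemp -d)
    write_samples "$d"
    for f in as-posted fixed; do
        echo "== $f.conf: $(check_nginx_ssl_conf "$d/$f.conf") finding(s)"
    done
    rm -rf "$d"
fi
```

The check deliberately strips comments first: the `#       ssl_protocols TLSv1.1 TLSv1.2;` line in the post looks like a protocol restriction but contributes nothing, so whatever the nginx build defaults to is what the server will negotiate. A clean result here is not a substitute for `nginx -t` and for testing the live endpoint with `openssl s_client`; it only catches the textual mistakes before they reach a running server.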

This article was reproduced from the server operations blog on 51CTO; original link: http://blog.51cto.com/shamereedwine/1790398. Contact the original author for permission to republish.
