
Configuring HTTPS for Nginx and Tomcat

Published: 2023-09-06 01:26 | Editor: 彭小芳 | Keywords: configuring http

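I. Configuring HTTPS for Nginx and Tomcat

  Prerequisite: you have already obtained a certificate issued by a CA.

  I. Merging the certificates

  1. Assume the certificate files are as follows

  The key file server.key, and the certificates CACertificate-INTERMEDIATE-1.crt, CACertificate-ROOT-2.crt and ServerCertificate.crt

  2. Merge the certificates with the cat command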

cd /application/nginx/ssl
cat CACertificate-INTERMEDIATE-1.crt >> ServerCertificate.crt
cat CACertificate-ROOT-2.crt >> ServerCertificate.crt
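
  The merge step above only yields a valid bundle if each file ends with a newline; otherwise an END marker and the next BEGIN marker are fused on one line and the PEM can no longer be parsed. The script below is an added example, not part of the original article: the function names (append_pem, check_pem_bundle, make_sample) and the sample file contents are assumptions made for illustration, and the checks are structural only (they do not validate signatures or the chain).

```shell
#!/bin/sh
# Added example: structural checks for a PEM bundle built with `cat >>`.
# Function names and sample contents are assumptions, not from the article.

# append_pem SRC DST: append SRC to DST, first making sure DST ends with a
# newline so an END marker and the next BEGIN marker never share a line.
append_pem() {
    if [ -s "$2" ] && [ -n "$(tail -c 1 "$2")" ]; then
        printf '\n' >> "$2"
    fi
    cat "$1" >> "$2"
}

# check_pem_bundle FILE COUNT: succeed only if FILE holds exactly COUNT
# cleanly delimited certificates and no private key material.
check_pem_bundle() {
    if grep -q -e '-----END CERTIFICATE-----.*-----BEGIN' "$1"; then
        echo "$1: END and BEGIN markers fused on one line" >&2; return 2
    fi
    if grep -q -e 'PRIVATE KEY-----' "$1"; then
        echo "$1: private key found in certificate bundle" >&2; return 3
    fi
    begins=$(grep -c -e '^-----BEGIN CERTIFICATE-----$' "$1" || true)
    ends=$(grep -c -e '^-----END CERTIFICATE-----$' "$1" || true)
    if [ "$begins" -ne "$2" ] || [ "$ends" -ne "$2" ]; then
        echo "$1: want $2 certificates, found $begins BEGIN / $ends END" >&2
        return 4
    fi
}

# make_sample FILE BODY [nonl]: constructed PEM-shaped file (not a real
# certificate); "nonl" omits the final newline to simulate a bad download.
make_sample() {
    printf '%s\n%s\n%s' '-----BEGIN CERTIFICATE-----' "$2" \
        '-----END CERTIFICATE-----' > "$1"
    [ "${3:-}" = nonl ] || printf '\n' >> "$1"
}

# Demo: the leaf lacks a trailing newline, so plain `cat >>` fuses markers.
d=$(mktemp -d)
make_sample "$d/ServerCertificate.crt" c2VydmVy nonl
make_sample "$d/CACertificate-INTERMEDIATE-1.crt" aW50ZXI=
cp "$d/ServerCertificate.crt" "$d/naive.crt"
cat "$d/CACertificate-INTERMEDIATE-1.crt" >> "$d/naive.crt"
check_pem_bundle "$d/naive.crt" 2 || echo "naive merge rejected"
append_pem "$d/CACertificate-INTERMEDIATE-1.crt" "$d/ServerCertificate.crt"
check_pem_bundle "$d/ServerCertificate.crt" 2 && echo "safe merge accepted"
rm -rf "$d"
```

  The private-key check also catches the mistake of concatenating server.key into the file that is served to clients as the certificate chain.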

  II. Nginx reverse proxy with the certificate

  /application/nginx/conf/vhost/oil_price_applet.conf

upstream oilprice.test {
    server localhost:8443;
}

server {
    # "listen 443 ssl" replaces the original "listen 443;" plus "ssl on;".
    # The "ssl on;" directive is obsolete since nginx 1.15.0 and was removed in 1.25.1.
    listen       443 ssl;
    server_name  oilprice.test.com;
    root   /www/html/oil_price_applet;
    access_log  logs/access.log  main;

    # Merged certificate (server certificate followed by the CA certificates) and private key
    ssl_certificate      /application/nginx/ssl/ServerCertificate.crt;
    ssl_certificate_key  /application/nginx/ssl/server.key;
    ssl_session_timeout  5m;

    # Proxy everything else to Tomcat over HTTPS
    location / {
        root   /www/html/oil_price_applet;
        index  index.html index.htm index.php;
        proxy_pass  https://oilprice.test;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header REMOTE-HOST $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        client_max_body_size 1000m;
        client_body_buffer_size 1024k;
        proxy_connect_timeout 90;
        proxy_send_timeout 90;
        proxy_read_timeout 90;
        proxy_buffer_size 1024k;
        proxy_buffers 4 1024k;
        proxy_busy_buffers_size 1024k;
        proxy_temp_file_write_size 1024k;
        proxy_max_temp_file_size 128m;
    }

    # PHP requests go to the local FastCGI backend
    location ~ .*\.(php|php5)?$ {
        root   /www/html/oil_price_applet;
        fastcgi_pass  127.0.0.1:9000;
        fastcgi_index  index.php;
        include  fastcgi.conf;
    }
}

  III. Configuring HTTPS in Tomcat and generating the keystore

  Important: remember the password you set.

  1. Convert the x509 certificate and key to a PKCS12 file

openssl pkcs12 -export -in ServerCertificate.crt -inkey server.key \
               -out server.p12 -name some-alias

  2. Convert the PKCS12 file to a Java keystore

keytool -importkeystore \
        -deststorepass Ctb+wZs1 -destkeypass Ctb+wZs1 -destkeystore server.keystore \
        -srckeystore server.p12 -srcstoretype PKCS12 -srcstorepass Ctb+wZs1 \
        -alias some-alias

  3. Configure Tomcat

    <Connector port="8443"
               protocol="org.apache.coyote.http11.Http11NioProtocol"
               SSLEnabled="true"
               scheme="https"
               secure="true"
               keystoreFile="/application/nginx/ssl/server.keystore"
               keystorePass="Ctb+wZs1"
               sslProtocol="TLS"
               URIEncoding="utf-8" />

  4. Restart Tomcat for the change to take effect


Original article: https://www.cnblogs.com/happy-king/p/9193422.html
