Nginx + HTTPS Configuration + Tomcat

2023-12-03, Sunday


HTTPS is configured on Nginx, and traffic between Nginx and Tomcat goes over plain HTTP. Browsers reach the site at https://<domain>. Nginx serves HTTPS on port 443, and the Tomcat instances listen on ports 8081/8082/8083. The configuration is as follows:

```nginx
# These directives belong inside the http { } context.
log_format ssl_wy '$remote_addr - $remote_user [$time_local] $request '
                  '"$status" $body_bytes_sent "$http_referer" '
                  '"$http_user_agent" "$http_x_forwarded_for" $request_time';

# Port 80: redirect every request to HTTPS.
server {
    listen 80;
    server_name wy1.cn;
    rewrite ^(.*) https://$server_name$1 permanent;
    #return 301 https://wy1.cn$request_uri;
    #rewrite  ^  https://$server_name$request_uri? permanent;
}
#
server {
    listen 80;
    server_name wy2.cn;
    rewrite ^(.*) https://$server_name$1 permanent;
    #return 301 https://wy2.cn$request_uri;
    #rewrite  ^  https://$server_name$request_uri? permanent;
}
#
server {
    listen 80;
    server_name wy3.cn;
    rewrite ^(.*) https://$server_name$1 permanent;
    #return 301 https://wy3.cn$request_uri;
    #rewrite  ^  https://$server_name$request_uri? permanent;
}
#
server {
    # "listen 443 ssl" replaces the legacy "ssl on;" directive,
    # which was removed in nginx 1.25.1.
    listen 443 ssl;
    server_name wy1.cn;
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
    #
    ssl_certificate      1__.wy.crt;
    ssl_certificate_key  2__wy.key;
    ssl_session_timeout  5m;
    # TLSv1 and TLSv1.1 are deprecated (RFC 8996); remove them unless
    # legacy clients still need them.
    ssl_protocols  TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers AESGCM:ALL:!DH:!EXPORT:!RC4:+HIGH:!MEDIUM:!LOW:!aNULL:!eNULL;
    ssl_prefer_server_ciphers   on;
    #
    location / {
        proxy_pass http://127.0.0.1:8081;
        #Proxy Settings
        proxy_redirect off;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
        #proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
        proxy_max_temp_file_size 0;
        proxy_connect_timeout 90;
        proxy_send_timeout 90;
        proxy_read_timeout 90;
        proxy_buffer_size 4k;
        proxy_buffers 4 32k;
        proxy_busy_buffers_size 64k;
        proxy_temp_file_write_size 64k;
    }
    #
    if ($http_user_agent ~* "spider|bot|Yahoo") {
        return 403;
    }
    #
    access_log  /home/wwwlogs/https_wy1.cn.log ssl_wy;
}
server {
    listen 443 ssl;
    server_name wy2.cn;
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
    #
    ssl_certificate      1__.wy.crt;
    ssl_certificate_key  2__wy.key;
    ssl_session_timeout  5m;
    ssl_protocols  TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers AESGCM:ALL:!DH:!EXPORT:!RC4:+HIGH:!MEDIUM:!LOW:!aNULL:!eNULL;
    ssl_prefer_server_ciphers   on;
    #
    location / {
        proxy_pass http://127.0.0.1:8082;
        #Proxy Settings
        proxy_redirect off;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        #proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
        proxy_max_temp_file_size 512k;
        proxy_connect_timeout 180;
        proxy_send_timeout 180;
        proxy_read_timeout 180;
        proxy_buffer_size 4k;
        proxy_buffers 4 32k;
        proxy_busy_buffers_size 64k;
        proxy_temp_file_write_size 512k;
    }
    #
    if ($http_user_agent ~* "spider|bot|Yahoo") {
        return 403;
    }
    #
    access_log  /home/wwwlogs/https_wy2.cn.log ssl_wy;
}
server {
    listen 443 ssl;
    server_name wy3.cn;
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
    #
    ssl_certificate      1__.wy.crt;
    ssl_certificate_key  2__wy.key;
    ssl_session_timeout  5m;
    ssl_protocols  TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers AESGCM:ALL:!DH:!EXPORT:!RC4:+HIGH:!MEDIUM:!LOW:!aNULL:!eNULL;
    ssl_prefer_server_ciphers   on;
    #
    location / {
        proxy_pass http://127.0.0.1:8083;
        #Proxy Settings
        proxy_redirect off;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        #proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
        proxy_max_temp_file_size 0;
        proxy_connect_timeout 90;
        proxy_send_timeout 90;
        proxy_read_timeout 90;
        proxy_buffer_size 4k;
        proxy_buffers 4 32k;
        proxy_busy_buffers_size 64k;
        proxy_temp_file_write_size 64k;
    }
    #
    if ($http_user_agent ~* "spider|bot|Yahoo") {
        return 403;
    }
    #
    access_log  /home/wwwlogs/https_wy3.cn.log ssl_wy;
}
```

Restart nginx:

```bash
service nginx restart
```

After restarting nginx, the server.xml files of the three Tomcat instances do not need to be modified. Tested OK.

Note: the test environment used a formally issued certificate.

HTTPS configuration checks:
https://www.ssllabs.com/ssltest/
https://www.geocerts.com/ssl_checker
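
An offline pre-check to run before the online scanners above, added here as an illustration and not part of the original post: a small Python audit that finds each server block listening on 443 and reports legacy TLS settings. `SAMPLE` is a constructed config modelled on the post's wy1.cn blocks, and the function names (`server_blocks`, `directive`, `audit`) are hypothetical.

```python
import re

# Constructed sample modelled on the post's wy1.cn server blocks (illustrative only).
SAMPLE = """
server { listen 80; server_name wy1.cn; rewrite ^(.*) https://$server_name$1 permanent; }
server {
    listen 443;
    server_name wy1.cn;
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
    ssl on;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers AESGCM:ALL:!DH:!EXPORT:!RC4:+HIGH:!MEDIUM:!LOW:!aNULL:!eNULL;
    location / { proxy_pass http://127.0.0.1:8081; }
}
"""

DEPRECATED = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}  # TLS 1.0/1.1: RFC 8996

def server_blocks(conf):
    """Yield the body of each server { ... } block, found by brace matching."""
    conf = re.sub(r"(?m)^\s*#.*$", "", conf)  # drop whole-line comments
    for m in re.finditer(r"\bserver\s*\{", conf):
        depth, i = 1, m.end()
        while depth and i < len(conf):
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield conf[m.end():i - 1]

def directive(block, name):
    """Return the arguments of the first `name ...;` directive, or None."""
    m = re.search(r"(?m)(?:^|[;{}])\s*" + re.escape(name) + r"\s+([^;]*);", block)
    return m.group(1).strip() if m else None

def audit(conf):
    """Return (server_name, finding) pairs for each server block listening on 443."""
    out = []
    for block in server_blocks(conf):
        listen = (directive(block, "listen") or "").split()
        if not listen or not listen[0].endswith("443"):
            continue
        weak = sorted(DEPRECATED & set((directive(block, "ssl_protocols") or "").split()))
        checks = [
            (directive(block, "ssl") == "on", "legacy 'ssl on;': use 'listen 443 ssl;'"),
            (bool(weak), "deprecated protocols: " + " ".join(weak)),
            ("ALL" in (directive(block, "ssl_ciphers") or "").split(":"), "ssl_ciphers uses keyword ALL"),
            ("Strict-Transport-Security" not in block, "no HSTS header"),
        ]
        out += [(directive(block, "server_name"), msg) for hit, msg in checks if hit]
    return out
```

Calling `audit(SAMPLE)` skips the port 80 redirect block and returns three findings for wy1.cn; a block with `listen 443 ssl;`, only TLSv1.2/TLSv1.3 and an explicit cipher list returns none.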
