
(https)nginx - tomcat(http)


Lab topology

[Figure: lab topology]

Nginx server-side configuration

Building Nginx with the SSL module

    [[email protected] nginx-1.8.0]# ./configure  --with-http_ssl_module  --with-pcre=/usr/local/src/pcre-8.37
    [[email protected] nginx-1.8.0]# make
    [[email protected] nginx-1.8.0]# make install
    [[email protected] nginx-1.8.0]# cd /usr/local/nginx/conf/

OpenSSL encryption

    [[email protected] conf]# openssl genrsa -des3 -out server.key 1024
    Generating RSA private key, 1024 bit long modulus
    ..................................++++++
    ..........................................................++++++
    e is 65537 (0x10001)
    Enter pass phrase for server.key:
    Verifying - Enter pass phrase for server.key:
    [[email protected] conf]# openssl req -new -key server.key -out server.csr
    Enter pass phrase for server.key:
    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.
    Country Name (2 letter code) [XX]:CN
    State or Province Name (full name) []:BEIJING
    Locality Name (eg, city) [Default City]:BEIJING
    Organization Name (eg, company) [Default Company Ltd]:GNNT
    Organizational Unit Name (eg, section) []:xuegod175.cn
    Common Name (eg, your name or your server's hostname) []:xuegod175.cn
    Email Address []:[email protected]
    Please enter the following 'extra' attributes
    to be sent with your certificate request
    A challenge password []:123456
    An optional company name []:GNNT
    [[email protected] conf]# openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
    Signature ok
    subject=/C=CN/ST=BEIJING/L=BEIJING/O=GNNT/OU=xuegod175.cn/CN=xueg[email protected]
    Getting Private key
    Enter pass phrase for server.key:
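Before nginx is pointed at the key and certificate, the pair can be checked from the shell. This is an added example, not part of the original post: it reports the RSA key size, whether the key file needs a pass phrase (the reason nginx prompts on reload), and whether the certificate belongs to the key. The helper names and the 2048-bit demo pair are assumptions; the post's own key is 1024-bit, below the 2048-bit minimum that public CAs accept.

```shell
#!/bin/sh
# Added example: check a key/certificate pair before nginx is pointed at it.
# The demo files created below are constructed for this example.

# Print the RSA modulus size in bits; $2 is the pass phrase, if the key has one.
key_bits() {
    openssl rsa -in "$1" -passin "pass:${2:-}" -noout -text 2>/dev/null |
        sed -n 's/.*(\([0-9][0-9]*\) bit.*/\1/p' | head -n 1
}

# Succeed when the key is stored encrypted; nginx then prompts on every start.
key_is_encrypted() { grep -q 'ENCRYPTED' "$1"; }

# Succeed only when the certificate carries the public half of this key.
# $3 is the pass phrase of the key, if it has one.
pair_matches() {
    k=$(openssl rsa -in "$1" -passin "pass:${3:-}" -noout -modulus 2>/dev/null) || return 2
    c=$(openssl x509 -in "$2" -noout -modulus 2>/dev/null) || return 2
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Create an unencrypted 2048-bit key and a self-signed certificate: $1/$2.{key,crt}
make_demo_pair() {
    openssl genrsa -out "$1/$2.key" 2048 2>/dev/null &&
        openssl req -new -x509 -key "$1/$2.key" -subj "/CN=xuegod175.cn" \
            -days 365 -out "$1/$2.crt" 2>/dev/null
}

demo=$(mktemp -d)
make_demo_pair "$demo" a
make_demo_pair "$demo" b
echo "a.key: $(key_bits "$demo/a.key") bits"
if key_is_encrypted "$demo/a.key"; then echo "a.key: pass phrase required"
else echo "a.key: no pass phrase"; fi
if pair_matches "$demo/a.key" "$demo/a.crt"; then echo "a.crt: matches a.key"; fi
if pair_matches "$demo/a.key" "$demo/b.crt"; then echo "b.crt: matches a.key"
else echo "b.crt: does not match a.key"; fi
```

For a key created with `-des3` as in the post, pass the pass phrase as the extra argument to `key_bits` and `pair_matches`.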

Configuring the Nginx server

    [[email protected] conf]# egrep -v  "#|^$" nginx.conf >nginx.conf.bak
    [[email protected] conf]# cp nginx.conf.bak  nginx.conf
    cp: overwrite `nginx.conf'? yes
    [[email protected] conf]# cat nginx.conf
    user nginx nginx;
    worker_processes  1;
    events {
        worker_connections  1024;
    }
    http {
        include       mime.types;
        default_type  application/octet-stream;
        sendfile        on;
        keepalive_timeout  65;
        server {
            listen         443 ssl;
            server_name    xuegod175.cn;                            # domain name
            ssl_certificate      /usr/local/nginx/conf/server.crt;  # certificate path
            ssl_certificate_key  /usr/local/nginx/conf/server.key;  # private key path
            ssl_session_cache    shared:SSL:1m;    # type and size of the cache that stores SSL sessions
            ssl_session_timeout  5m;               # session expiry time
            ssl_ciphers  HIGH:!aNULL:!MD5;         # ciphers the server allows when establishing a secure connection
            ssl_prefer_server_ciphers  on;         # with SSLv3 and TLSv1, server ciphers take precedence over client ciphers
            location / {
                root     html;
                index    index.html index.htm index.php;
            }
            error_page   500 502 503 504  /50x.html;
            location = /50x.html {
                root   html;
            }
        }
    }
    [[email protected] conf]# /usr/local/nginx/sbin/nginx -s reload
    Enter PEM pass phrase:123456

Testing access from a browser

[Figures: browser screenshots of the test]

Installing Tomcat

Setting up the JDK

JDK download: http://www.oracle.com/technetwork/java/javase/downloads/index.html

Tomcat download: http://tomcat.apache.org/

    [[email protected]~]# rpm -ivh jdk-8u60-linux-x64.rpm
    [[email protected]~]# vim /etc/profile        # edit the environment variables
    export JAVA_HOME=/usr/java/jdk1.8.0_60/      # JAVA_HOME path
    export JAVA_BIN=/usr/java/jdk1.8.0_60/bin
    export PATH=${JAVA_HOME}bin:$PATH            # PATH environment variable
    export CLASSPATH=.:${JAVA_HOME}/lib/dt.jar:${JAVA_HOME}/lib/tools.jar   # the two class libraries
    [[email protected]~]# source /etc/profile     # load the variables so they take effect immediately
    [[email protected]~]# java -version
    java version "1.8.0_60"
    Java(TM) SE Runtime Environment (build 1.8.0_60-b27)
    Java HotSpot(TM) 64-Bit Server VM (build 25.60-b23, mixed mode)

Installing Tomcat

    [[email protected]~]# tar xvf apache-tomcat-8.0.26.tar.gz -C /usr/local/
    [[email protected]~]# cd /usr/local/
    [[email protected] local]# mv apache-tomcat-8.0.26/ tomcat/      # shorter path, easier to start
    [[email protected]~]# vim /etc/init.d/tomcat
    #!/bin/bash
    # Tomcat init script for Linux
    # chkconfig: 2345 96 14
    # description: The Apache Tomcat Server/JSP container
    JAVA_OPTS='-server -Xms64m -Xmx128m'
    JAVA_HOME=/usr/java/jdk1.8.0_60
    CATALINA_HOME=/usr/local/tomcat
    # export so that catalina.sh, run as a child process, sees the variables
    export JAVA_OPTS JAVA_HOME CATALINA_HOME
    # pass the action (start, stop, ...) through to catalina.sh
    "$CATALINA_HOME"/bin/catalina.sh "$@"
    [[email protected] ~]# chmod -R 755 /etc/init.d/tomcat         # make the script executable
    [[email protected]~]# chkconfig --add tomcat
    [[email protected]~]# chkconfig tomcat on
    [[email protected]~]# netstat -antup | grep 8080                # check whether Tomcat is running
    tcp        0      0 :::8080       :::*       LISTEN      3154/java

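Testing Tomcat

Browse to http://192.168.32.48:8080/

[Figure: screenshot of the page at http://192.168.32.48:8080/]

Configuring the experiment

To meet the goal of the experiment, adjust nginx.conf: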

    [[email protected] ~]# cat /usr/local/nginx/conf/nginx.conf
    user nginx nginx;
    worker_processes  1;
    events {
        worker_connections  1024;
    }
    http {
        include       mime.types;
        default_type  application/octet-stream;
        sendfile        on;
        keepalive_timeout  65;
        server {
            listen         443 ssl;
            server_name    xuegod175.cn;                            # domain name
            ssl_certificate      /usr/local/nginx/conf/server.crt;  # certificate path
            ssl_certificate_key  /usr/local/nginx/conf/server.key;  # private key path
            ssl_session_cache    shared:SSL:1m;    # type and size of the cache that stores SSL sessions
            ssl_session_timeout  5m;               # session expiry time
            ssl_ciphers  HIGH:!aNULL:!MD5;         # ciphers the server allows when establishing a secure connection
            location / {
                root   html;
                index  index.html index.htm;
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_pass http://192.168.42.176;
                proxy_redirect default;
            }
        }
    }
    [[email protected] ~]# /usr/local/nginx/sbin/nginx -s reload
    Enter PEM pass phrase:

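Access test

Note: before testing, restart nginx and clear the browser cache (otherwise it is easy to get caught out...).

[Figures: browser screenshots] The page served by 192.168.42.176 loads successfully, so the experiment works.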
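The final configuration terminates TLS at nginx and forwards to the backend over plain HTTP, so a few directives are worth checking mechanically. This is an added example, not part of the original post, that lints such a config; the function names, the finding messages and the `TLSv1.2` choice in the corrected variant are assumptions.

```shell
#!/bin/sh
# Added example: lint a TLS-terminating nginx reverse-proxy config.
# Both sample configs are constructed from the directives shown in the post.

# Print the arguments of every occurrence of directive $2 in file $1.
directive() {
    sed 's/#.*//' "$1" | awk -v d="$2" \
        '$1 == d { sub(/;$/, "", $NF); $1 = ""; sub(/^ +/, ""); print }'
}

# Print one finding per line.
audit_proxy_conf() {
    [ -n "$(directive "$1" ssl_protocols)" ] ||
        echo "WARN ssl_protocols unset: protocol versions are left to the build default"
    directive "$1" proxy_set_header | grep -qi '^X-Forwarded-Proto ' ||
        echo "WARN X-Forwarded-Proto not sent: backend cannot tell the client used HTTPS"
    directive "$1" proxy_pass | grep '^http://' | while read -r up; do
        echo "INFO upstream $up is plain HTTP: keep that hop on a trusted segment"
    done
    return 0
}

work=$(mktemp -d)
cat > "$work/post.conf" <<'EOF'
server {
    listen 443 ssl;
    server_name xuegod175.cn;   # domain name
    ssl_certificate /usr/local/nginx/conf/server.crt;
    ssl_certificate_key /usr/local/nginx/conf/server.key;
    ssl_ciphers HIGH:!aNULL:!MD5;
    location / {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://192.168.42.176;
    }
}
EOF
# Same config with the two warnings addressed (TLSv1.2 is an assumed policy).
awk '/ssl_ciphers/ { print "    ssl_protocols TLSv1.2;" }
     /proxy_pass/  { print "        proxy_set_header X-Forwarded-Proto $scheme;" }
     { print }' "$work/post.conf" > "$work/fixed.conf"

echo "== post.conf";  audit_proxy_conf "$work/post.conf"
echo "== fixed.conf"; audit_proxy_conf "$work/fixed.conf"
```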

This article comes from the "天真無邪" blog; please contact the author before reposting.
