Nginx、Tomcat配置https
阿新 • • 發佈:2018-06-17
conn sch apache 分享 port led rtk test event
一、Nginx、Tomcat配置https
前提就是已經得到了CA機構頒發的證書
一、合並證書
1、假設證書文件如下
秘鑰文件server.key,證書CACertificate-INTERMEDIATE-1.crt、CACertificate-ROOT-2.crt和ServerCertificate.crt
2、使用cat命令合並證書
cd /application/nginx/ssl
cat CACertificate-INTERMEDIATE-1.crt>>ServerCertificate.crt cat CACertificate-ROOT-2.crt>>ServerCertificate.crt
二、nginx反向代理證書
/application/nginx/conf/vhost/oil_price_applet.conf
upstream oilprice.test { server localhost:8443; } server { listen 443; server_name oilprice.test.com; root /www/html/oil_price_applet; access_log logs/access.log main; ssl on; ssl_certificate/application/nginx/conf/vhost/oil_price_applet.conf/application/nginx/ssl/ServerCertificate.crt; ssl_certificate_key /application/nginx/ssl/server.key; ssl_session_timeout 5m; location / { root /www/html/oil_price_applet; index index.html index.htm index.php; proxy_pass https://oilprice.test; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header REMOTE-HOST $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; client_max_body_size 1000m; client_body_buffer_size 1024k; proxy_connect_timeout 90; proxy_send_timeout 90; proxy_read_timeout 90; proxy_buffer_size 1024k; proxy_buffers 4 1024k; proxy_busy_buffers_size 1024k; proxy_temp_file_write_size 1024k; proxy_max_temp_file_size 128m; } location ~.*\.(php|php5)?$ { root /www/html/oil_price_applet; fastcgi_pass 127.0.0.1:9000; fastcgi_index index.php; include fastcgi.conf; } }
三、在Tomcat下配置https生成keystore
切記:設置的密碼
1、Convert x509 Cert and Key to a pkcs12 file(將證書和私鑰轉換為p12格式的證書)
openssl pkcs12 -export -in ServerCertificate.crt -inkey server.key -out server.p12 -name some-alias
2、 Convert the pkcs12 file to a java keystore (將pkcs12格式的證書轉換成java keystore)
keytool -importkeystore -deststorepass Ctb+wZs1 -destkeypass Ctb+wZs1 -destkeystore server.keystore -srckeystore server.p12 -srcstoretype PKCS12 -srcstorepass Ctb+wZs1 -alias some-alias
3、配置Tomcat
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" SSLEnabled="true" scheme="https" secure="true" keystoreFile="/application/nginx/ssl/server.keystore" keystorePass="Ctb+wZs1" sslProtocol="TLS" URIEncoding="utf-8" />
4、重啟Tomcat生效
Nginx、Tomcat配置https