Nginx + 阿里云SSL + tomcat 实现https访问代理,nginx阿里

Nginx + Ali云SSL + tomcat 得以达成https访问代理,nginxAli

先是步:Ali云申请云盾证书服务

第二步:下载证书

第三步:修改Nginx配置

  1. 证书文件214033834890360.pem,包罗两段内容,请不要删除任何生龙活虎段内容。

  2. 要是是注解系统创建的CSCRUISER,还饱含:证书私钥文件214033834890360.key。

( 1 卡塔尔(英语:State of Qatar)在Nginx的装置目录下创办cert目录,况兼将下载的全体文件拷贝到cert目录中。假诺申请证书时是友好创立的CS途观文件,请将相应的私钥文件放到cert目录下同一时间命名称为214033834890360.key;

( 2 卡塔尔 张开 Nginx 安装目录下 conf 目录中的 nginx.conf 文件,找到:

worker_processes 4;
error_log logs/error.log crit; #日志位置和日志级别
pid logs/nginx.pid;
worker_rlimit_nofile 65535;
events {
worker_connections 65535;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
upstream backend {
#ip_hash;
server 172.17.0.3:8080 weight=1 max_fails=2 fail_timeout=2;
server 172.17.0.4:8080 weight=1 max_fails=2 fail_timeout=2;
}
upstream mgr {
#ip_hash;
server 172.17.0.7:8080 weight=1 max_fails=2 fail_timeout=2;
}

server {

    listen 443;
    server_name  localhost;
    ssl on;
    root html;
    index index.html index.htm;
    ssl_certificate   cert/214031620150360.pem;
    ssl_certificate_key  cert/214031620150360.key;
    ssl_session_timeout 5m;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;

location / {
    proxy_pass  http://backend;
    ### force timeouts if one of backend is died ##
    proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;
    ### Set headers ####
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    ## Most PHP, Python, Rails, Java App can use this header ###
    proxy_set_header X-Forwarded-Proto https;
    ### By default we don't want to redirect it ####
    proxy_redirect     off;           
}

location /test/ {
        proxy_pass  http://172.17.0.5:8080;
    ### force timeouts if one of backend is died ##
    proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;
    ### Set headers ####
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    ## Most PHP, Python, Rails, Java App can use this header ###
    proxy_set_header X-Forwarded-Proto https;
    ### By default we don't want to redirect it ####
    proxy_redirect     off;  
}
location /dev/ {
    proxy_pass http://172.17.0.6:8080;
    ### force timeouts if one of backend is died ##
    proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;
    ### Set headers ####
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    ## Most PHP, Python, Rails, Java App can use this header ###
    proxy_set_header X-Forwarded-Proto https;
    ### By default we don't want to redirect it ####
    proxy_redirect     off;  
}
location /pre/ {
        proxy_pass http://mgr;
    ### force timeouts if one of backend is died ##
    proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;
    ### Set headers ####
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    ## Most PHP, Python, Rails, Java App can use this header ###
    proxy_set_header X-Forwarded-Proto https;
    ### By default we don't want to redirect it ####
    proxy_redirect     off;
}
}
}

修改Tomcat配置

新增配置项:
<Valve className="org.apache.catalina.valves.RemoteIpValve" remoteIpHeader="X-Forwarded-For"
protocolHeader="X-Forwarded-Proto" protocolHeaderHttpsValue="https"/>

第四步:启动Nginx

/usr/local/nginx/nginx

第五步:测试https域名

OK

+ Ali云SSL + tomcat
得以达成https访谈代理,nginxAli 第一步:Ali云申请云盾证书服务
第二步:下载证书 第三步:校正Nginx配置 1. 证件文件…

发表评论

电子邮件地址不会被公开。 必填项已用*标注

相关文章