SSL证书配置

1.1 tomcat配置SSL证书

tomcat配置
# 上传证书
cp ../abc.com.cn.jks ./conf/

# 修改配置
server.xml
<Connector port="443" protocol="HTTP/1.1" SSLEnabled="true"
              maxThreads="150" scheme="https" secure="true"
              keystoreFile="conf/domains.jks"
              keystorePass="xxxxxx" 　　//证书密钥 ，密码文本那个
              clientAuth="false" sslProtocol="TLS" />
              
 <Connector port="8088" protocol="HTTP/1.1" SSLEnabled="true" maxThreads="150" scheme="https" secure="true" keystoreFile="/data01/abc/abc_web/tomcat/ssl/abc.com.cn.jks" keystorePass="abc" clientAuth="false" sslProtocol="TLS" connectionTimeout="20000" maxHttpHeaderSize="81920" relaxedQueryChars="&lt;&gt;[\]{|}" URIEncoding="utf-8" />

# 修改配置
web.xml
<login-config>  
    <!-- Authorization setting for SSL -->  
    <auth-method>CLIENT-CERT</auth-method>  
    <realm-name>Client Cert Users-only Area</realm-name>  
</login-config>  
<security-constraint>  
    <!-- Authorization setting for SSL -->  
    <web-resource-collection >  
        <web-resource-name >SSL</web-resource-name>  
        <url-pattern>/*</url-pattern>  
    </web-resource-collection>  
    <user-data-constraint>  
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>  
    </user-data-constraint>  
</security-constraint>

1.2 node.js 配置SSL证书

node.js 配置SSL证书
xxx.xxx.xxx.xxx
/home/abc/java_web/ws/ws
# 上传SSL证书
./ssl/abc.com.cn.key
./ssl/abc.com.cn.pem

代码修改

# ##########################################  代码  ####################################
/** 用于开发环境的服务启动 **/
const path = require("path"); // 获取绝对路径有用
const express = require("express"); // express服务器端框架
// const http = require("http");
const https = require("https");

const fs = require("fs");

const httpsOption = {
  key : fs.readFileSync(__dirname + "/ssl/abc.com.cn.key"),
  cert: fs.readFileSync(__dirname + "/ssl/abc.com.cn.pem")
}

const compression = require("compression");
const app = express(); // 实例化express服务
// const PORT = 8088; // 服务启动端口号
app.use(compression());

// http.createServer(app).listen(80);


/** express 跨域中间件 **/
const allowCrossDomain = function(req, res, next) {
  res.header("Access-Control-Allow-Origin", "*"); //自定义中间件，设置跨域需要的响应头。
  res.header("Access-Control-Allow-Headers", "Content-Type");
  res.header("Access-Control-Allow-Methods", "PUT,POST,GET,DELETE,OPTIONS");
  res.header("Access-Control-Allow-Credentials", "true");
  next();
};
app.use(allowCrossDomain); //运用跨域的中间件
/** express 跨域中间件 **/

// 如果是生产环境，则运行build文件夹中的代码
app.use(express.static("dist"));
app.get("*", function(req, res) {
  res.sendFile(path.join(__dirname, "dist",  "index.html"));
});

/** express 404 错误处理 **/
app.use(function(req, res, next) {
  var err = null;
  try {
    decodeURIComponent(req.path);
  } catch (e) {
    err = e;
  }
  if (err) {
    return res.redirect(["http://", req.get("Host"), "/404"].join(""));
  }
  next();
});

/** 启动服务 **/
// app.listen(PORT, () => {
//   console.log("本地服务启动地址: http://localhost:%s", PORT);
// });
https.createServer(httpsOption, app).listen(8088);

1.3 nginx配置

nginx配置
    server {
        listen 443 ssl;
        server_name 132.151.6.10;
        ssl_certificate /home/g/.local/share/mkcert/rootCA.crt;
        ssl_certificate_key /home/g/.local/share/mkcert/rootCA.key;
        # 停止通信时，加密会话的有效期，在该时间段内不需要重新交换密钥
        ssl_session_timeout 5m;
        # TLS握手时，服务器采用的密码套件
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        # 服务器支持的TLS版本
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
        # 开启由服务器决定采用的密码套件
        ssl_prefer_server_ciphers on;
        location / {
            ......
        }
    }

    server {
        listen       80;
        server_name 132.151.6.10;
        # 将请求改写为HTTPS（这里写你配置了HTTPS的域名）
        rewrite ^(.*)$ https://132.151.6.10;
    }

# 验证配置文件是否有效
sbin/nginx -t
# 重启
nginx -s reload 

nginx配置ssl证书
如何使内网ip能够实现HTTPS访问