配置nginx + https + tomcat/ nginx + https + jar/ nginx + https + tomcat + war
1.nginx + https + tomcat
nginx配置:
server {
listen 443;
server_name www.example.com; #域名
ssl on;
#index index.html index.htm;
ssl_certificate cert/1523584742511.pem; #证书
ssl_certificate_key cert/1523584732510.key; #证书
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
location / {
root "C:/Program Files/apache-tomcat-8.5.30/webapps"; #tomcat路径
index index.html index.htm;
}
}
server {
listen 80;
server_name www.example.com; #域名
rewrite ^(.*)$ https://$host$1 permanent; #将80端口的http转向443端口的https
}
2.nginx + https + jar
spring boot打包的jar,本身已包含内置tomcat可以独立运行,所以在任意地方启动服务后
现在spring boot项目的propertis里增加配置:
server.use-forward-headers=true
server.tomcat.remote-ip-header=x-forwarded-for
server.tomcat.protocol-header=x-forwarded-proto
server.tomcat.port-header=X-Forwarded-Port
nginx配置:
server {
listen 443;
server_name www.example.com;
ssl on;
#index index.html index.htm;
ssl_certificate cert/1523584742511.pem; #证书
ssl_certificate_key cert/1523234742510.key; #证书
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
location / {
proxy_pass http://127.0.0.1:9001/your-example-applet; #启动的jar服务名,就是那个properties里的server.context-path=
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Port $server_port;
}
}
server {
listen 80;
server_name www.example.com;
rewrite ^(.*)$ https://$host$1 permanent;
}
3.nginx + https + tomcat + war
打war包时排除内置tomcat
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
<!-- 用于war包时排除tomcat -->
<exclusions>
<exclusion>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-tomcat</artifactId>
</exclusion>
</exclusions>
</dependency>
<!-- 用于运行时使用但打war包时排除tomcat -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-tomcat</artifactId>
<scope>provided</scope>
</dependency>
nginx配置类似:
server {
listen 443;
server_name www.example.com;
ssl on;
#index index.html index.htm;
ssl_certificate cert/1523584742511.pem; #证书
ssl_certificate_key cert/1523583742510.key; #证书
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
location / {
proxy_pass http://127.0.0.1:9001/your-example-applet; #启动的jar服务名,就是那个properties里的server.context-path=
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Port $server_port;
root "C:/Program Files/apache-tomcat-8.5.30/webapps"; #tomcat路径
index index.html index.htm;
}
}
server {
listen 80;
server_name www.example.com;
rewrite ^(.*)$ https://$host$1 permanent;
}
