nginx tomcat https
1.首先确保机器上安装了openssl和openssl-devel #yum install openssl #yum install openssl-devel 2. server { listen 443 ssl; server_name vota.swmmotors.com.cn; ssl_certificate cert/vota.swmmotors.com.cn_bundle.crt; #当前conf/目录下 ssl_certificate_key cert/vota.swmmotors.com.cn.key; ssl_session_cache shared:SSL:10m; ssl_session_timeout 5m; ssl_ciphers HIGH:!aNULL:!MD5; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; location / { root html; index index.html index.htm; } } 3.tomcat的配置 <Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="8443" /> 变成 <Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="443" proxyPort="443" /> <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs" prefix="localhost_access_log" suffix=".txt" pattern="%h %l %u %t "%r" %s %b" /> 上面的value是tomcat自带的,下面的使我们要添加的 <Valve className="org.apache.catalina.valves.RemoteIpValve" remoteIpHeader="x-forwarded-for" remoteIpProxiesHeader="x-forwarded-by" protocolHeader="x-forwarded-proto" /> 原因也很简单,nginx缺少http_ssl_module模块,编译安装的时候带上--with-http_ssl_module配置就行了,但是现在的情况是我的nginx已经安装过了,怎么添加模块,其实也很简单,往下看: 做个说明:我的nginx的安装目录是/usr/local/nginx这个目录,我的源码包在/usr/local/src/nginx-1.6.2目录 1 nginx: [emerg] the "ssl" parameter requires ngx_http_ssl_module in /usr/local/nginx/conf/nginx.conf:37 1.2 Nginx开启SSL模块 切换到源码包: cd /usr/local/src/nginx-1.11.3 查看nginx原有的模块 /usr/local/nginx/sbin/nginx -V 在configure arguments:后面显示的原有的configure参数如下: --prefix=/usr/local/nginx --with-http_stub_status_module 那么我们的新配置信息就应该这样写: ./configure --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module 运行上面的命令即可,等配置完 配置完成后,运行命令 make 这里不要进行make install,否则就是覆盖安装 然后备份原有已安装好的nginx cp /usr/local/nginx/sbin/nginx /usr/local/nginx/sbin/nginx.bak 然后将刚刚编译好的nginx覆盖掉原有的nginx(这个时候nginx要停止状态) cp ./objs/nginx /usr/local/nginx/sbin/ 然后启动nginx,仍可以通过命令查看是否已经加入成功 /usr/local/nginx/sbin/nginx -V