Tomcat - Study Contents
1. Environment preparation
1.1 Host preparation
tomcat1 192.168.10.5
tomcat2 192.168.10.7
nginx 192.168.10.4
1.2 Environment deployment
2. OpenSSL: converting a PFX certificate to key and crt
2.1 Copy the PFX certificate to the nginx server
tomcat01 ~]# scp /usr/local/tomcat/ssl/20230503.pfx root@192.168.10.4:~
2.2 Create a directory to store the certificates
2.3 OpenSSL: convert the PFX certificate to pem, key and crt
2.4 List the certificate directory
]# ll /etc/nginx/ssl
-rw-r--r-- 1 root root 1204 May 4 09:58 20230503.crt
-rw-r--r-- 1 root root 1675 May 4 09:57 20230503.key
-rw-r--r-- 1 root root 3261 May 4 09:54 20230503.pem
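The listing above shows the private key file 20230503.key with mode -rw-r--r--, readable by every local user. The following added example (not part of the original page) runs the conversion from steps 2.2 and 2.3 so that files holding the key are created owner-only and the key is checked against the certificate; the function name pfx_to_nginx and the PFX_PASS variable are assumptions.

```shell
#!/bin/sh
# Added example. pfx_to_nginx and PFX_PASS are assumed names, not from the page.
# Usage: export PFX_PASS=<pfx password>
#        pfx_to_nginx /root/20230503.pfx /etc/nginx/ssl
pfx_to_nginx() {
    pfx=$1
    outdir=$2
    base=$(basename "$pfx" .pfx)
    (
        # Everything created below is owner-only unless opened up explicitly.
        umask 077
        mkdir -p "$outdir" || exit 1
        pem="$outdir/$base.pem"
        key="$outdir/$base.key"
        crt="$outdir/$base.crt"

        # Unpack the bundle. -nodes leaves the key unencrypted so nginx can
        # start unattended; the password is read from the environment rather
        # than the command line, where other users could see it in ps output.
        openssl pkcs12 -in "$pfx" -nodes -passin env:PFX_PASS -out "$pem" || exit 1

        # Split the private key and the certificate out of the combined file.
        openssl pkey -in "$pem" -out "$key" || exit 1
        openssl x509 -in "$pem" -out "$crt" || exit 1
        chmod 644 "$crt"    # the certificate itself is public

        # Fail if the key does not belong to the certificate.
        cert_pub=$(openssl x509 -in "$crt" -noout -pubkey) || exit 1
        key_pub=$(openssl pkey -in "$key" -pubout) || exit 1
        [ "$cert_pub" = "$key_pub" ]
    )
}
```

The intermediate .pem duplicates the unencrypted private key, so it can be deleted once the .key and .crt files are in place.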
3. Configuring HTTPS in nginx
3.1 nginx configuration
cat >/etc/nginx/conf.d/zrlog.cyc.com.conf<<'EOF'
upstream zrlog {
    server 192.168.10.5:8080 max_fails=2 fail_timeout=10s;
    server 192.168.10.7:8080 max_fails=2 fail_timeout=10s;
}
server {
    # "ssl on;" is deprecated (removed in nginx 1.25.1); enable TLS on the listen directive instead
    listen 443 ssl;
    server_name zrlog.cyc.com;
    ssl_certificate ssl/20230503.crt;
    ssl_certificate_key ssl/20230503.key;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    # TLSv1.1 dropped: deprecated by RFC 8996; add TLSv1.3 if your nginx and OpenSSL builds support it
    ssl_protocols TLSv1.2;
    ssl_prefer_server_ciphers on;
    keepalive_timeout 60s;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 5m;
    location / {
        proxy_pass http://zrlog;
        include proxy_params;
    }
}
# Port 80: redirect to port 443
server {
    listen 80;
    server_name zrlog.cyc.com;
    return 302 https://$server_name$request_uri;
}
EOF
3.2 Reload nginx
3.3 Configure hosts
192.168.10.4 zrlog.cyc.com
3.4 Test access
