Tomcat + Nginx + HTTPS in Practice

1. Environment preparation

1.1 Host preparation

tomcat1 192.168.10.5
tomcat2 192.168.10.7
nginx     192.168.10.4

1.2 Environment deployment

2. Converting a pfx certificate to key and crt with OpenSSL

2.1 Copy the pfx certificate to the nginx server

tomcat01 ~]# scp /usr/local/tomcat/ssl/20230503.pfx root@192.168.10.4:~

2.2 Create a directory to store the certificates

mkdir /etc/nginx/ssl

2.3 Convert the pfx certificate to pem, key and crt with OpenSSL

2.4 Check the certificate directory

]# ll /etc/nginx/ssl
-rw-r--r-- 1 root root 1204 May  4 09:58 20230503.crt
-rw-r--r-- 1 root root 1675 May  4 09:57 20230503.key
-rw-r--r-- 1 root root 3261 May  4 09:54 20230503.pem
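
The page does not show the commands for step 2.3; the script below is an added example (not the author's commands) of one common way to do the conversion with the openssl CLI, creating the pem and key as 0600 instead of the world-readable mode in the listing above and checking that key and certificate belong together. The function names, the demo password and the throwaway self-signed bundle are assumptions made for this example.

```bash
#!/usr/bin/env bash
# Added example. File names follow the page; the password and the demo
# bundle are constructed so that the script runs offline.

# pfx_to_nginx <pfx> <out_dir> <passin>   (passin: pass:..., file:..., env:...)
pfx_to_nginx() {
  local pfx="$1" out="$2" passin="$3" name
  name=$(basename "$pfx" .pfx)
  mkdir -p "$out" || return 1
  ( umask 077   # the pem and key hold the private key: create them as 0600
    # 1) unpack key + certificate(s) into one unencrypted pem
    openssl pkcs12 -in "$pfx" -nodes -passin "$passin" -out "$out/$name.pem" &&
    # 2) private key only
    openssl pkey -in "$out/$name.pem" -out "$out/$name.key" &&
    # 3) first certificate in the bundle only
    openssl x509 -in "$out/$name.pem" -out "$out/$name.crt"
  ) 2>/dev/null || return 1
  chmod 644 "$out/$name.crt"   # the certificate is public
}

# key_matches_cert <key> <crt>: true only if both carry the same public key
key_matches_cert() {
  local a b
  a=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
  b=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
  [ -n "$a" ] && [ "$a" = "$b" ]
}

# make_demo_pfx <pfx> <passout>: throwaway self-signed bundle (constructed input)
make_demo_pfx() {
  local d rc
  d=$(mktemp -d) || return 1
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=zrlog.cyc.com" \
    -keyout "$d/k.pem" -out "$d/c.pem" 2>/dev/null &&
  openssl pkcs12 -export -inkey "$d/k.pem" -in "$d/c.pem" -passout "$2" -out "$1"
  rc=$?; rm -rf "$d"; return $rc
}

# Run with the argument "demo" to exercise the whole flow in a temp directory.
if [ "${1:-}" = "demo" ]; then
  t=$(mktemp -d)
  make_demo_pfx "$t/20230503.pfx" pass:demo-only &&
  pfx_to_nginx "$t/20230503.pfx" "$t/ssl" pass:demo-only &&
  key_matches_cert "$t/ssl/20230503.key" "$t/ssl/20230503.crt" &&
  ls -l "$t/ssl"
  rm -rf "$t"
fi
```

If the pfx also carries intermediate certificates, only the first certificate ends up in the .crt; nginx expects the server certificate followed by the intermediates in the ssl_certificate file.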

3. Configuring HTTPS in Nginx

3.1 nginx configuration

cat >/etc/nginx/conf.d/zrlog.cyc.com.conf<<'EOF'
upstream zrlog {
  server 192.168.10.5:8080 max_fails=2 fail_timeout=10s;
  server 192.168.10.7:8080 max_fails=2 fail_timeout=10s;
}
server {
  listen 443 ssl;   # "ssl" on listen replaces the deprecated "ssl on;" directive
  server_name zrlog.cyc.com;

  ssl_certificate ssl/20230503.crt;
  ssl_certificate_key ssl/20230503.key;
  ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
  ssl_protocols TLSv1.2 TLSv1.3;   # TLSv1.1 is deprecated (RFC 8996)
  ssl_prefer_server_ciphers on;
  keepalive_timeout 60s;
  ssl_session_cache shared:SSL:10m;
  ssl_session_timeout 5m;
  location / {
    proxy_pass http://zrlog;
    include proxy_params;
  }
}
# Port 80: redirect to port 443
server {
  listen 80;
  server_name zrlog.cyc.com;
  return 302 https://$server_name$request_uri;
}
EOF

3.2 Reload nginx

systemctl reload nginx

3.3 Configure hosts

192.168.10.4 zrlog.cyc.com

3.4 Test access

 

posted @ 2023-05-04 10:22  小粉优化大师