nginx+tomcat配置https的方法

nginx+tomcat配置https的方法

场景

开发过小程序的都知道,小程序里规定了必须使用https协议。而我的服务器是使用nginx做前端代理分发,tomcat处理请求。

因此,需要在nginx反向代理tomcat的基础上配置https。

方法

nginx+tomcat配置https的方法有两种:

  • nginx配置https,tomcat也配置https

  • nginx配置https,tomcat采用http

本文使用的是第二种方法:TLS 在 nginx 处终止,nginx 与 tomcat 之间走明文 HTTP,因此只适合两者位于同一台机器(如下文的 127.0.0.1:8080)或受信任内网的部署。关于第一种方法可以参考(不保证正确):https://www.jb51.net/article/131766.htm

  1. 配置nginx

打开*/nginx/conf/nginx.conf,修改成如下:

# Note: prefer commenting out directives you do not need with '#' over deleting them
# "user" is left commented out, so the build's default worker user applies
#user  nobody;
# Number of worker processes nginx starts
worker_processes  1;

# Error log destinations/levels, all left disabled in this listing
#error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;

#pid        logs/nginx.pid;


events {
    # Upper bound on simultaneous connections per worker process
    worker_connections  1024;
}


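http {
    include       mime.types;
    default_type  application/octet-stream;

    sendfile        on;

    keepalive_timeout  65;

    # Backend Tomcat, reached over plain HTTP on the loopback interface.
    upstream tomcat {
        server 127.0.0.1:8080 weight=1;
    }

    #gzip  on;

    # HTTP server: its only job is to send every request to the HTTPS site.
    server {
        listen       80;
        server_name  www.amongthecrowd.cn;
        # "return 301" is the idiomatic form of the former
        # "rewrite ^(.*)$ https://$host$1 permanent;" and keeps the query string.
        # $host echoes the request's Host header; substitute the literal server
        # name if the redirect target must never depend on client input.
        return 301 https://$host$request_uri;

        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }
    }


    # HTTPS server: terminates TLS and proxies to Tomcat.
    server {
        listen       443 ssl;
        server_name  www.amongthecrowd.cn;

        # "listen ... ssl" already enables TLS. The separate "ssl on;" directive
        # is deprecated and rejected by current nginx releases, so it is dropped.
        # Keep the private key readable only by root / the nginx master process.
        ssl_certificate      /home/ubuntu/ssl/server.pem;
        ssl_certificate_key  /home/ubuntu/ssl/server.key;

        # TLS 1.0 and 1.1 are deprecated (RFC 8996), so they are no longer offered.
        # TLSv1.3 needs nginx 1.13+ built against OpenSSL 1.1.1+; remove that
        # token on older builds.
        ssl_protocols    TLSv1.2 TLSv1.3;
        ssl_session_cache    shared:SSL:1m;
        ssl_session_timeout  5m;

        # The earlier "ALL:!ADH:!EXPORT56:-RC4+RSA:+HIGH:+MEDIUM:!EXP" string
        # started from ALL and therefore kept MEDIUM-strength and other legacy
        # suites; only high-strength, authenticated suites are offered now.
        ssl_ciphers  HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers  on;

        # Optional: enable once every client is known to work over HTTPS.
        # add_header Strict-Transport-Security "max-age=31536000" always;

        location / {
            # root   html;
            # index  index.html index.htm;
            proxy_http_version           1.1;
            # Appends the connecting client's address to any X-Forwarded-For the
            # client sent; the backend must trust this header only when the
            # request arrives from this proxy.
            proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header  Host $host;
            proxy_set_header  X-Real-IP       $remote_addr;
            # Empty Connection header keeps upstream connections reusable.
            proxy_set_header  Connection "";
            # Tells Tomcat the original request was HTTPS (read by RemoteIpValve).
            proxy_set_header X-Forwarded-Proto https;
            proxy_redirect off;
            client_max_body_size       100m;
            client_body_buffer_size    256k;
            proxy_connect_timeout      60;
            proxy_send_timeout         30;
            proxy_read_timeout         30;
            proxy_buffer_size          8k;
            proxy_buffers            4 64k;
            proxy_busy_buffers_size    64k;
            proxy_temp_file_write_size 64k;
            # Note: no TLS on this hop; plain HTTP is used, which is acceptable
            # only because the upstream is on 127.0.0.1.
            proxy_pass http://tomcat;
        }

        # The location now matches the URI named in error_page
        # (it was "/40x.html", which error_page 404 never referenced).
        error_page 404 /404.html;
        location = /404.html {
        }

        error_page 500 502 503 504 /50x.html;

        location = /50x.html {
        }
    }

    # $proxy_port is not referenced anywhere in this listing; kept as in the
    # original configuration.
    map $scheme $proxy_port {
        "http"  "7070";
        "https" "7071";
        default "7070";
    }
}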
  2. 配置tomcat

打开/apache-tomcat-**/conf/server.xml

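<!-- HTTP connector that nginx proxies to (upstream 127.0.0.1:8080).
     address="127.0.0.1" binds it to loopback so the plain-HTTP port cannot be
     reached from the network, which would bypass the TLS front end.
     proxyPort/redirectPort point at 443, the port clients actually use. -->
<Connector port="8080" protocol="HTTP/1.1"
               address="127.0.0.1"
               connectionTimeout="20000"
               redirectPort="443"
               proxyPort="443"/>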

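<!-- Access log. requestAttributesEnabled="true" makes %h record the client
     address restored by RemoteIpValve; without it every entry shows the proxy
     address (127.0.0.1), which makes the log useless for investigations.
     The request line is quoted again, as in the stock pattern, so that a
     request containing spaces cannot blur the field boundaries. -->
<Valve className="org.apache.catalina.valves.AccessLogValve"
               directory="logs"
               prefix="localhost_access_log." suffix=".txt"
               requestAttributesEnabled="true"
               pattern="%h %l %u %t &quot;%r&quot; %s %b" />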

<!-- Restores the original client address and scheme from the headers that
     nginx sets (X-Forwarded-For, X-Forwarded-Proto).
     NOTE(review): internalProxies is not set here, so the valve's default list
     of trusted proxy addresses applies; confirm it covers only the nginx host
     (loopback in this setup), since these headers are client-controllable. -->
<Valve className="org.apache.catalina.valves.RemoteIpValve"  
                  remoteIpHeader="x-forwarded-for"  
                   remoteIpProxiesHeader="x-forwarded-by"  
                   protocolHeader="x-forwarded-proto" /> 
  3. 重启nginx,重启tomcat
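# Restart nginx
# Run from the nginx installation directory (the one that contains sbin/)

# Validate the edited configuration first; a syntax error is reported here
# instead of taking the HTTPS listener down.
./sbin/nginx -t

# Ask the running master process to reload its configuration.
# The option is "-s reload"; "-reload" is not a valid nginx option.
./sbin/nginx -s reload

# On Ubuntu the service wrapper can be used instead
sudo service nginx stop
sudo service nginx start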
# Restart Tomcat
# Run from the Tomcat installation directory; the script paths below are relative to it

./bin/shutdown.sh
./bin/startup.sh

# On Ubuntu the service wrapper can be used instead
sudo service tomcat stop
sudo service tomcat start

参考

http://blog.51cto.com/784687488/1828908


转载自blog.csdn.net/a791693310/article/details/80817080