nginx + tomcat + HTTPS deployment notes

2017-08-18  codeMan_6616

1. Environment

Windows 7, 64-bit
nginx-1.9.4
apache-tomcat-7.0.63

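2. Generating the certificate with openssl

    # Generate the key
    openssl genrsa -des3 -out server.key 2048
    # Produce a key without a passphrase
    openssl rsa -in server.key -out server.key
    # Generate the CA's crt (a self-signed certificate)
    openssl req -new -x509 -key server.key -out server.crt -days 3650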

3. Modify the configuration

nginx.conf

    upstream tomcat {
        server 127.0.0.1:8080 fail_timeout=0;
    }

    # HTTPS server
    server {
        listen       443 ssl;
        server_name  localhost;

        ssl_certificate      E:\wcp-web\server.crt;
        ssl_certificate_key  E:\wcp-web\server.key;

        ssl_session_cache    shared:SSL:1m;
        ssl_session_timeout  5m;


        location / {
            root   html;
            index  index.html index.htm;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header Host $http_host;
            proxy_set_header X-Forwarded-Proto https;
            proxy_redirect off;
            proxy_connect_timeout      240;
            proxy_send_timeout         240;
            proxy_read_timeout         240;
            # note, there is not SSL here! plain HTTP is used
            proxy_pass http://tomcat;
        }
    }

tomcat, server.xml

    <Connector port="8080" protocol="HTTP/1.1"  connectionTimeout="20000"  redirectPort="443" proxyPort="443" />

    <Host name="localhost"  appBase="webapps" unpackWARs="true" autoDeploy="true">    
        <Valve className="org.apache.catalina.valves.RemoteIpValve"
              remoteIpHeader="x-forwarded-for"
              remoteIpProxiesHeader="x-forwarded-by"
              protocolHeader="x-forwarded-proto"/>
    
        <Context path="" reloadable="false" docBase="E:\wcp-web" workDir="E:\wcp-web"/>
    </Host>

4. Startup

Start Tomcat
    startup.bat
Start Nginx
    cmd
    cd D:\nginx-1.9.4
    D:\nginx-1.9.4>nginx
Stop Nginx
    D:\nginx-1.9.4>nginx -s stop

5. Access

https://localhost/

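6. Notes

On Windows, the key configured for SSL in nginx must not be protected by a passphrase. Otherwise nginx prompts for the passphrase at startup, and even after it is entered nginx fails to start and reports this error:

    2011/04/18 09:49:09 [alert] 1992#4548: the event "ngx_master_1992" was not signaled for 5s

The solution is to strip the passphrase. Usage:

    openssl rsa -in server.key -out server.key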
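
The passphrase problem described in this note can be caught before nginx is started. The following Python script is an added example, not part of the original post: it pulls the `ssl_certificate_key` paths out of nginx.conf text and classifies each key from its PEM armor and headers. The function names and the sample key bodies are constructed for illustration.

```python
import re

# nginx "ssl_certificate_key <path>;" directives (commented-out lines are skipped).
KEY_DIRECTIVE = re.compile(r'^\s*ssl_certificate_key\s+"?([^";]+)"?\s*;', re.M)
# PEM armor line plus any RFC 1421 style headers that follow it.
PEM_BEGIN = re.compile(
    r"-----BEGIN ([A-Z ]*PRIVATE KEY)-----\r?\n((?:[\w-]+:.*\r?\n)*)")

def key_state(pem_text):
    """Classify a PEM private key from its armor and headers alone."""
    m = PEM_BEGIN.search(pem_text)
    if m is None:
        return "no-private-key"
    label, headers = m.groups()
    if label == "ENCRYPTED PRIVATE KEY":            # PKCS#8 encrypted container
        return "encrypted-pkcs8"
    if re.search(r"^Proc-Type:\s*4,\s*ENCRYPTED", headers, re.M):
        return "encrypted-legacy"                   # traditional OpenSSL format
    return "unencrypted"

def read_file(path):
    with open(path, encoding="ascii", errors="replace") as fh:
        return fh.read()

def preflight(conf_text, read_text=read_file):
    """Map every key path the config loads to its state."""
    report = {}
    for path in KEY_DIRECTIVE.findall(conf_text):
        path = path.strip()
        try:
            report[path] = key_state(read_text(path))
        except OSError:
            report[path] = "unreadable"
    return report

# Constructed samples: real armor and header layout, placeholder base64 body.
LEGACY_ENCRYPTED = (
    "-----BEGIN RSA PRIVATE KEY-----\n"
    "Proc-Type: 4,ENCRYPTED\n"
    "DEK-Info: DES-EDE3-CBC,0123456789ABCDEF\n\n"
    "UExBQ0VIT0xERVI=\n"
    "-----END RSA PRIVATE KEY-----\n")
STRIPPED = ("-----BEGIN RSA PRIVATE KEY-----\n"
            "UExBQ0VIT0xERVI=\n"
            "-----END RSA PRIVATE KEY-----\n")
SAMPLE_CONF = r"""
    ssl_certificate      E:\wcp-web\server.crt;
    ssl_certificate_key  E:\wcp-web\server.key;
"""

if __name__ == "__main__":
    for sample in (LEGACY_ENCRYPTED, STRIPPED):
        print(preflight(SAMPLE_CONF, lambda _path, s=sample: s))
```

A key reported as `encrypted-legacy` or `encrypted-pkcs8` needs the `openssl rsa` step above before nginx on Windows will start. Since the resulting key is stored unencrypted, restrict read access to the key file.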