https ngnix
来源:互联网 发布:梦幻西游数据错误 编辑:程序博客网 时间:2024/05/22 06:22
第一步:阿里云申请云盾证书服务
第二步:下载证书
第三步:修改Nginx配置
1. 证书文件214033834890360.pem,包含两段内容,请不要删除任何一段内容。
2. 如果是证书系统创建的CSR,还包含:证书私钥文件214033834890360.key。
( 1 ) 在Nginx的安装目录下创建cert目录,并且将下载的全部文件拷贝到cert目录中。如果申请证书时是自己创建的CSR文件,请将对应的私钥文件放到cert目录下并且命名为214033834890360.key;
( 2 ) 打开 Nginx 安装目录下 conf 目录中的 nginx.conf 文件,找到:
worker_processes 4;error_log logs/error.log crit; #日志位置和日志级别pid logs/nginx.pid;worker_rlimit_nofile 65535;events {worker_connections 65535;}http {include mime.types;default_type application/octet-stream;sendfile on;keepalive_timeout 65;upstream backend {#ip_hash;server 172.17.0.3:8080 weight=1 max_fails=2 fail_timeout=2;server 172.17.0.4:8080 weight=1 max_fails=2 fail_timeout=2;}upstream mgr {#ip_hash;server 172.17.0.7:8080 weight=1 max_fails=2 fail_timeout=2;}server { listen 443; server_name localhost; ssl on; root html; index index.html index.htm; ssl_certificate cert/214031620150360.pem; ssl_certificate_key cert/214031620150360.key; ssl_session_timeout 5m; ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on;location / { proxy_pass http://backend; ### force timeouts if one of backend is died ## proxy_next_upstream error timeout invalid_header http_500 http_502 http_503; ### Set headers #### proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; ## Most PHP, Python, Rails, Java App can use this header ### proxy_set_header X-Forwarded-Proto https; ### By default we don't want to redirect it #### proxy_redirect off; }location /test/ { proxy_pass http://172.17.0.5:8080; ### force timeouts if one of backend is died ## proxy_next_upstream error timeout invalid_header http_500 http_502 http_503; ### Set headers #### proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; ## Most PHP, Python, Rails, Java App can use this header ### proxy_set_header X-Forwarded-Proto https; ### By default we don't want to redirect it #### proxy_redirect off; }location /dev/ { proxy_pass http://172.17.0.6:8080; ### force timeouts if one of backend is died ## proxy_next_upstream error timeout invalid_header http_500 http_502 http_503; ### Set headers #### proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; ## Most PHP, Python, Rails, Java App can use this header ### proxy_set_header X-Forwarded-Proto https; ### By default we don't want to redirect it #### proxy_redirect off; }location /pre/ { proxy_pass http://mgr; ### force timeouts if one of backend is died ## proxy_next_upstream error timeout invalid_header http_500 http_502 http_503; ### Set headers #### proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; ## Most PHP, Python, Rails, Java App can use this header ### proxy_set_header X-Forwarded-Proto https; ### By default we don't want to redirect it #### proxy_redirect off;}}}
修改Tomcat配置
新增配置项:
<Valve className="org.apache.catalina.valves.RemoteIpValve" remoteIpHeader="X-Forwarded-For"protocolHeader="X-Forwarded-Proto" protocolHeaderHttpsValue="https"/>
第四步:启动Nginx
/usr/local/nginx/nginx
第五步:测试https域名
OK
http 跳转https
server {
listen 80;
server_name 127.0.0.1;
rewrite ^ https://$http_host$request_uri? permanent;
}
阅读全文
0 0
- https ngnix
- ngnix
- 关于Ngnix配置HTTPS后,静态资源还是请求http
- ngnix做Https访问设置及依据URL后缀分流访问
- 【ngnix】ngnix源代码分析
- ngnix location
- ngnix安装
- ngnix 配置
- ngnix配置文件
- Ngnix学习
- ngnix fanxiangdaili
- ngnix学习
- ngnix 搭建
- ngnix架构
- ngnix学习
- ngnix配置
- ngnix笔记
- ngnix命令
- Android Selector选择器点击按下之后没有出现预想的效果
- codeforces 817C
- BZOJ 1046: [HAOI2007]上升序列 LIS
- tensorflow 源码编译安装以及遇到的一些错误
- paxos算法
- https ngnix
- Axure RP 8 基础教程-中继器列表的增删
- 算法学习笔记12-任意进制数的转换
- hashCode与equals的区别与联系详解
- 从源码理解Spring原理,并用代码实现简易Spring框架
- struts2入门学习
- 什么是路由?
- Hibernate入门学习之配置文件的理解
- 备注