1.安装nginxcss
2.申请ssl证书,由于个人域名是阿里申请的,阿里有提供免费的证书,因此我就到对应的域名平台下生成证书就能够了nginx
填写相关信息提交阿里审核,审核经过后就能够下载证书密钥等信息了,由于咱们这里是对nginx配置,因此选择对应nginx证书下载。web
3.上面已经申请到证书,接下来就是对nginx进行配置:tomcat
首先80和443端口必须可用,在nginx的配置文件 conf下建一个文件夹cert存放申请下来的证书。如下是我nginx配置的两个ssl证书,若是你只要配置一个就删除一个server节点就能够了。服务器
server {session
listen 443;
server_name 你的域名;
ssl on;
root /usr/local/tomcat-shaoguan-mini/webapps/sgmini/;//项目的位置
location ~ .*\.(txt|js|css|jsp|png|jpg|JPEG)?$ {
proxy_pass http://localhost:8066;//代理端口
root /usr/local/tomcat-shaoguan-mini/webapps/sgmini/;
access_log off;
expires 0;
}
ssl_certificate cert/cert-1541409622473_sgmini.51educity.com.crt;
ssl_certificate_key cert/cert-1541409622473_sgmini.51educity.com.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
location / {
proxy_pass http://localhost:8066;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_read_timeout 30m;
client_max_body_size 30m;
}
}
复制代码
server {app
listen 443;
server_name 你的域名;
ssl on;
root /usr/local/tomcat-zhuhai-mini/webapps/mini/;
location ~ .*\.(txt|js|css|jsp|png|jpg|JPEG)?$ {
proxy_pass http://localhost:8067;
root /usr/local/tomcat-zhuhai-mini/webapps/mini/;
access_log off;
expires 0;
}
ssl_certificate cert/cert-1541409603993_zhmini.51educity.com.crt;//证书路径
ssl_certificate_key cert/cert-1541409603993_zhmini.51educity.com.key;//证书密钥路径
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
location / {
proxy_pass http://localhost:8067;//代理的端口
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_read_timeout 30m;
client_max_body_size 30m;
}
}
复制代码
server {webapp
listen 80;
rewrite ^(.*)$ https://$host$1 permanent;//重置到https
复制代码
}jsp
4.上域名管理平台作域名解析对应的服务器,而后启动nginx,访问你的域名就能够实现https访问了。spa