Nginx+Tomcat+JDK1.8 HTTP转换成HTTPS模式

1、环境使用的是oneinstack的Version 1.6.1

软件版本详细：(使用手册)

• Nginx1.12.0
• Tomcat7.0.77或8.0.43
• JDK1.8.0_12一、1.7.0_80、1.6.0_45
• MySQL5.6.36
• Redis3.2.8
• Memcached1.4.36
• Jemalloc4.5.0
• Pure-FTPd1.0.45

2、思路：tomcat不用配置SSL，只配置Nginx

3、具体方法

1.使用阿里云免费版DVSSL,申请方法省略，申请成功后切换

2.在Nginx的安装目录下建立cert目录，而且将下载的所有文件拷贝到cert目录中。

3.配置：

server {
    listen 443;
    server_name localhost;
    ssl on;
    access_log /data/wwwlogs/access_nginx.log combined;
    root /data/wwwroot/default;
    index index.html index.htm index.jsp;
    ssl_certificate   /usr/local/nginx/conf/cert/214179206610093.pem;
    ssl_certificate_key  /usr/local/nginx/conf/cert/214179206610093.key;
    ssl_session_timeout 5m;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    error_page 404 /404.html;
    error_page 502 /502.html;

    location /nginx_status {
      stub_status on;
      access_log off;
      allow 127.0.0.1;
      deny all;
    }
    location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|flv|mp4|ico)$ {
      expires 30d;
      access_log off;
    }
    location ~ .*\.(js|css)?$ {
      expires 7d;
      access_log off;
    }
    location ~ {
      proxy_pass http://127.0.0.1:8080;
      include proxy.conf; 
    }
    location ~ /\.ht {
      deny all;
    }

}

4.重启nginx

附proxy.conf 内容：

proxy_connect_timeout 300s;
proxy_send_timeout 900;
proxy_read_timeout 900;
proxy_buffer_size 32k;
proxy_buffers 4 64k;
proxy_busy_buffers_size 128k;
proxy_redirect off;
proxy_hide_header Vary;
proxy_set_header Accept-Encoding '';
proxy_set_header Referer $http_referer;
proxy_set_header Cookie $http_cookie;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

注意：务必先确保开放了433端口

 

证书到期后更新证书替换证书文件：/usr/local/nginx/conf/cert