Chinaunix首页 | 论坛 | 博客
  • 博客访问: 3050046
  • 博文数量: 535
  • 博客积分: 15788
  • 博客等级: 上将
  • 技术积分: 6507
  • 用 户 组: 普通用户
  • 注册时间: 2007-03-07 09:11
文章分类

全部博文(535)

文章存档

2016年(1)

2015年(1)

2014年(10)

2013年(26)

2012年(43)

2011年(86)

2010年(76)

2009年(136)

2008年(97)

2007年(59)

分类: 系统运维

2009-05-22 14:15:55

upstream ssl {
   server 10.254.223.82:443 weight=5;
}

    server {
                listen 443;
                server_name 174.129.188.25 localhost;

                ssl on;
                ssl_certificate /opt/server.crt;
                ssl_certificate_key /opt/server.key;


        location / {
                proxy_pass https://ssl;

        }

    }


后台的apache或nginx一样需要配置https,



如果后台为tomcat:
tomcat不需要配置ssl,在tomcat的文档中有说明,

It is important to note that configuring Tomcat to take advantage of secure sockets is usually only necessary when running it as a stand-alone web server. When running Tomcat primarily as a Servlet/JSP container behind another web server, such as Apache or Microsoft IIS, it is usually necessary to configure the primary web server to handle the SSL connections from users. Typically, this server will negotiate all SSL-related functionality, then pass on any requests destined for the Tomcat container only after decrypting those requests. Likewise, Tomcat will return cleartext responses, that will be encrypted before being returned to the user's browser. In this environment, Tomcat knows that communications between the primary web server and the client are taking place over a secure connection (because your application needs to be able to ask about this), but it does not participate in the encryption or decryption itself.

配置中有重写时,一定注意不要写成http,而是https

server {
        listen 443;
        server_name 192.168.3.172 localhost;

        root /usr/local/tomcat/webapps;
        index index.html index.htm index.jsp;

        ssl on;
        ssl_certificate server.crt;
        ssl_certificate_key server.key;

        ssl_session_timeout 5m;

        ssl_protocols SSLv2 SSLv3 TLSv1;
        ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
        ssl_prefer_server_ciphers on;


        if (-d $request_filename)
                {
                 rewrite ^/(.*)([^/])$
https://$host/$1$2/ permanent;
         }

        location / {
            proxy_pass http://localhost:8080;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }


    }




阅读(3789) | 评论(0) | 转发(0) |
给主人留下些什么吧!~~