Category: System Operations

2009-05-22 14:15:55

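# Pool of backends that themselves speak HTTPS
upstream ssl {
    server 10.254.223.82:443 weight=5;
}

server {
    listen 443;
    server_name 174.129.188.25 localhost;

    # TLS is terminated here; newer nginx releases write this as "listen 443 ssl;"
    ssl on;
    ssl_certificate /opt/server.crt;
    ssl_certificate_key /opt/server.key;

    location / {
        # Re-encrypt and forward to the HTTPS upstream defined above
        proxy_pass https://ssl;
    }
}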


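With this setup, the backend Apache or nginx must likewise be configured for HTTPS.

If the backend is Tomcat:
Tomcat does not need SSL configured; the Tomcat documentation explains this: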

It is important to note that configuring Tomcat to take advantage of secure sockets is usually only necessary when running it as a stand-alone web server. When running Tomcat primarily as a Servlet/JSP container behind another web server, such as Apache or Microsoft IIS, it is usually necessary to configure the primary web server to handle the SSL connections from users. Typically, this server will negotiate all SSL-related functionality, then pass on any requests destined for the Tomcat container only after decrypting those requests. Likewise, Tomcat will return cleartext responses, that will be encrypted before being returned to the user's browser. In this environment, Tomcat knows that communications between the primary web server and the client are taking place over a secure connection (because your application needs to be able to ask about this), but it does not participate in the encryption or decryption itself.

When the configuration contains rewrite rules, take care to write https, not http, in the rewrite target.

server {
    listen 443;
    server_name 192.168.3.172 localhost;

    root /usr/local/tomcat/webapps;
    index index.html index.htm index.jsp;

    ssl on;
    ssl_certificate server.crt;
    ssl_certificate_key server.key;

    ssl_session_timeout 5m;

    # Values as posted in 2009. SSLv2 and SSLv3 are broken protocols, and the
    # EXPORT, LOW and RC4 cipher groups are weak; do not enable them today.
    ssl_protocols SSLv2 SSLv3 TLSv1;
    ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
    ssl_prefer_server_ciphers on;

    # Add the trailing slash to directory requests.
    # The redirect target must be https, not http.
    if (-d $request_filename) {
        rewrite ^/(.*)([^/])$ https://$host/$1$2/ permanent;
    }

    location / {
        # Tomcat receives cleartext HTTP on the loopback interface
        proxy_pass http://localhost:8080;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}
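
A present-day form of the two configurations above, as an added example that is not the original author's configuration: the 2009 protocol and cipher lines are replaced with TLS 1.2/1.3, the HTTPS upstream's certificate is verified, and Tomcat is told the original scheme. The host names app1.example.test, app2.example.test and backend.example.test, the CA file /opt/backend-ca.crt and the cipher list are assumptions.

```nginx
# Added example; place inside the http { } block.
# Host names, the CA file path and the cipher list are assumptions.
ssl_protocols TLSv1.2 TLSv1.3;   # replaces "SSLv2 SSLv3 TLSv1"
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers on;
ssl_session_timeout 5m;

upstream ssl {
    server 10.254.223.82:443 weight=5;
}

# Case 1: the backend speaks HTTPS and nginx re-encrypts.
server {
    listen 443 ssl;                       # replaces "listen 443; ssl on;"
    server_name app1.example.test;
    ssl_certificate     /opt/server.crt;
    ssl_certificate_key /opt/server.key;

    location / {
        proxy_pass https://ssl;
        # Without these, nginx encrypts to the upstream but accepts any certificate.
        proxy_ssl_verify on;
        proxy_ssl_trusted_certificate /opt/backend-ca.crt;
        # The name checked defaults to $proxy_host, here the upstream name "ssl".
        proxy_ssl_name backend.example.test;
        proxy_ssl_server_name on;         # send that name as SNI
        proxy_set_header Host $host;
    }
}

# Case 2: the backend is Tomcat over cleartext HTTP on loopback.
server {
    listen 443 ssl;
    server_name app2.example.test;
    ssl_certificate     /opt/server.crt;
    ssl_certificate_key /opt/server.key;

    location / {
        proxy_pass http://localhost:8080;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # Lets the application learn that the client connection used https.
        proxy_set_header X-Forwarded-Proto $scheme;
        # Rewrite http:// Location headers from Tomcat so redirects stay on https.
        proxy_redirect http://$host/ https://$host/;
    }
}
```

Tomcat acts on X-Forwarded-Proto only when it is set up to trust the proxy, for example through its RemoteIpValve.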



