nginx部署https反向代理tomcat

上次部署https时没有记录,这次专门记录一下

首先申请证书……略

nginx配置:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
server {
listen 80;
# 监听443端口
listen 443 ssl;
#这里是填你的域名
server_name stonewuu.com www.stonewuu.com;
#charset koi8-r;
#这里为证书路径以及证书的配置
ssl_certificate /etc/letsencrypt/live/stonewuu.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/stonewuu.com/privkey.pem;
ssl_ciphers "EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5";
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
#301重定向,将所有http请求重定向为https
if ($scheme = http) {
return 301 https://$host$request_uri;
}
#这里为lets encrypt证书需要的验证文件
location ^~ /.well-known/acme-challenge/ {
default_type "text/plain";
root /opt/tomcat-8.5.9/blog_data;
}

#这里防止用户访问到lets encrypt验证文件的目录
location = /.well-known/acme-challenge/ {
return 404;
}
# 反向代理,指向tomcat的地址
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_pass http://localhost:8080;
}

}
作者

StoneWu

发布于

2017-07-10

更新于

2023-02-15

许可协议

评论