SSL Certificate and http2.0

Source: Internet
Author: User
Tags ssl certificate

Demand:
1. For HTTPS certificate on-line test, the office environment needs to pass HTTPS test website, external environment all go HTTP access.
2. Configure using the Web side
Architecture:
Nginx + multiple Tomcat

Upstream Test {server 172.16.9.203:8080 weight=2;                Server 172.16.9.204:8080 weight=2;        Server 172.16.9.205:8080 weight=3;        }server {Listen 80;       server_name www.test.com;                Location/{Proxy_pass http://test/;                Proxy_read_timeout 300;                Proxy_set_header Host $http _host;        Proxy_set_header X-real-ip $remote _addr;        if ($remote _addr!~ ^172\.16\.9\.226|172\.16\.9\.244) {# rewrite ^ (. *) https://$host $ permanent;        Return 302 https://www.test.com$request_uri;# error_page https://$host $uri? $args;        }}}server {Listen 443;        server_name www.test.com;        SSL on;        SSL_CERTIFICATE/ETC/NGINX/CONF/KEY/SERVER.PEM;        Ssl_certificate_key/etc/nginx/conf/key/server.key;        Ssl_session_timeout 5m;        Ssl_protocols TLSv1 TLSv1.1 TLSv1.2; Ssl_ciphers high:! rc4:! md5:!anull:!enull:! Null:! Dh:! edh:!        Exp:+medium;        Ssl_prefer_server_ciphers on;                Location/{Proxy_pass http://test/;                Proxy_read_timeout 300;                Proxy_set_header Host $http _host;       Proxy_set_header X-real-ip $remote _addr; } # Location ~. *\.      (GIF|JPG|JPEG|PNG|BMP|SWF|FLV|ICO|JS|CSS) $ {# Root/data/tomcat/webapps;      # expires 1d;    #} Access_log/var/log/nginx/www.test.com.access.log main;    #error_page 404/404.html;    Error_page 502 503 504/50x.html;    Location =/50x.html {root/usr/local/nginx/html;    } #location ~/\.ht {# deny all; #}}

Need to test whether successful, generally will be successful, here we do is 302 temporary jump, if you do a permanent jump can see the part of the note.
If the front end has a CDN
This configuration is required (the log configuration in main needs to be configured according to the Http_x_forwarded_for returned by the CDN vendor)

As the addition of certificates will bring system resources consumption and bandwidth consumption, while transmission performance has an impact, so generally with HTTPS, after the use of HTTP2.0 protocol communication (Http2.0,nginx need to compile--with-http_v2_module, This performance aspect needs to be tested, which is only my personal guess. To learn more, please refer to the HTTP2.0 protocol)

SSL Certificate and http2.0

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.