One. Configuring HTTPS for Nginx and Tomcat
Prerequisite: the CA has already issued the certificate.
First, merge the certificates
1. Assume the certificate files are as follows:
Key file server.key; certificates cacertificate-intermediate-1.crt, cacertificate-root-2.crt and servercertificate.crt
2. Merge the certificates with cat, appending the intermediate and then the root to the server certificate
cd /application/nginx/ssl
cat cacertificate-intermediate-1.crt >> servercertificate.crt
cat cacertificate-root-2.crt >> servercertificate.crt
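An added example, not part of the original article: a shell check for the bundle produced by the cat commands above, covering what the merge can get wrong (certificates glued together without a newline, a first certificate that does not belong to the key, or a chain in the wrong order). The function names check_bundle and make_demo_chain are hypothetical, the demo chain is constructed throwaway data, and the openssl command-line tool is assumed to be installed.

```shell
#!/bin/sh
# Added example, not from the original page. check_bundle and
# make_demo_chain are illustrative names; needs the openssl CLI.
check_bundle() (    # usage: check_bundle <bundle.crt> <private.key>
    bundle=$1 key=$2 rc=0
    # "cat a >> b" glues two PEM markers onto one line when b lacks a
    # trailing newline, and Nginx then refuses to load the file.
    if grep -q -e '-----END CERTIFICATE----------BEGIN' "$bundle"; then
        echo "fused PEM markers: missing newline between certificates"; exit 1
    fi
    tmp=$(mktemp -d) || exit 1
    # Split the bundle into one file per certificate: c1.pem, c2.pem, ...
    awk -v d="$tmp" '/-----BEGIN CERTIFICATE-----/ { n++ }
        n { print > (d "/c" n ".pem") }' "$bundle"
    n=$(grep -c -e '-----BEGIN CERTIFICATE-----' "$bundle" || true)
    # The first certificate must be the server's: its public key has to
    # equal the one derived from the private key.
    if [ "$n" -eq 0 ] || [ "$(openssl x509 -noout -pubkey -in "$tmp/c1.pem")" \
            != "$(openssl pkey -pubout -in "$key")" ]; then
        echo "first certificate does not match the private key"; rc=1
    fi
    # Every certificate must be issued by the one that follows it.
    i=1
    while [ "$i" -lt "$n" ] && [ "$rc" -eq 0 ]; do
        next=$((i + 1))
        if [ "$(openssl x509 -noout -issuer_hash -in "$tmp/c$i.pem")" != \
             "$(openssl x509 -noout -subject_hash -in "$tmp/c$next.pem")" ]; then
            echo "certificate $i was not issued by certificate $next"; rc=1
        fi
        i=$next
    done
    rm -rf "$tmp"
    exit "$rc"
)

# Constructed sample input: throwaway root -> intermediate -> server chain.
make_demo_chain() (    # usage: make_demo_chain <empty-dir>
    cd "$1" || exit 1
    openssl req -x509 -newkey rsa:2048 -nodes -subj /CN=demo-root -days 1 \
        -keyout root.key -out root.crt 2>/dev/null
    for pair in inter:root server:inter; do
        c=${pair%%:*} p=${pair##*:}
        openssl req -newkey rsa:2048 -nodes -subj "/CN=demo-$c" \
            -keyout "$c.key" -out "$c.csr" 2>/dev/null
        openssl x509 -req -in "$c.csr" -CA "$p.crt" -CAkey "$p.key" \
            -CAcreateserial -days 1 -out "$c.crt" 2>/dev/null
    done
)
```

Run check_bundle servercertificate.crt server.key in /application/nginx/ssl before reloading Nginx; exit status 0 means the bundle passed every check.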
Second, configure the certificate on the Nginx reverse proxy
/application/nginx/conf/vhost/oil_price_applet.conf
upstream oilprice.test {
    server localhost:8443;
}

server {
    listen 443;
    server_name oilprice.test.com;
    root /www/html/Oil_price_applet;
    access_log logs/access.log main;

    # "ssl on" is the older syntax; since nginx 1.15.0 it is deprecated in
    # favour of "listen 443 ssl;".
    ssl on;
    ssl_certificate /application/nginx/ssl/servercertificate.crt;
    ssl_certificate_key /application/nginx/ssl/server.key;
    ssl_session_timeout 5m;

    location / {
        root /www/html/Oil_price_applet;
        index index.html index.htm index.php;

        # Forward to Tomcat's HTTPS connector through the upstream above.
        proxy_pass https://oilprice.test;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header REMOTE-HOST $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        client_max_body_size 1000m;
        client_body_buffer_size 1024k;

        # The three timeout values are missing from this page ("-");
        # set explicit durations before using the file.
        proxy_connect_timeout -;
        proxy_send_timeout -;
        proxy_read_timeout -;

        proxy_buffer_size 1024k;
        proxy_buffers 4 1024k;
        proxy_busy_buffers_size 1024k;
        proxy_temp_file_write_size 1024k;
        proxy_max_temp_file_size 128m;
    }

    location ~ .*\.(php|php5)?$ {
        root /www/html/Oil_price_applet;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        include fastcgi.conf;
    }
}
Third, configure HTTPS under Tomcat: generate the KeyStore
Remember to set the password.
1. Convert the X.509 certificate and private key to a PKCS12 (.p12) file. The output file server.p12 and the alias given with -name must match what step 2 reads.
openssl pkcs12 -export -in servercertificate.crt -inkey server.key -out server.p12 -name some-alias
2. Convert the PKCS12 file to a Java KeyStore
keytool -importkeystore -deststorepass ctb+wzs1 -destkeypass ctb+wzs1 -destkeystore server.keystore -srckeystore server.p12 -srcstoretype PKCS12 -srcstorepass ctb+wZs1 -alias some-alias
3. Configure Tomcat
<Connector port="8443"
           protocol="org.apache.coyote.http11.Http11NioProtocol"
           SSLEnabled="true"
           scheme="https"
           secure="true"
           keystoreFile="/application/nginx/ssl/server.keystore"
           keystorePass="ctb+wzs1"
           sslProtocol="TLS"
           URIEncoding="UTF-8"/>
4. Restart Tomcat for the change to take effect