Because of the need, have to build a Nginx+tomcat+https server, search the discovery of the internet is always wrong, now sorted out some useful, memo.
Environment: Centos6.5, JDK1.8, Tomcat8, Nginx1.10.1
Preparation Material:
1.jdk1.8 installation Package jdk-8u102-linux-x64.tar.gz
2.TOMCAT8 installation Package apache-tomcat-8.0.37.tar.gz
3.NGINX1.10 installation Package nginx-1.10.1.tar.gz
1, JDK installation configuration
Unzip and install to/USR/LOCAL/JDK
[Root@localhost ~]# tar zxvf jdk-8u102-linux-x64.tar.gz
[root@localhost ~]# MV JDK1.8.0_102/USR/LOCAL/JDK
Configuring JDK Environment variables
[Root@localhost ~]# Vi/etc/profile
Add the following at the bottom
JAVA_HOME=/USR/LOCAL/JDK
jre_home= $JAVA _home/jre
classpath=.: $JAVA _home/lib: $JRE _home/lib: $CLASSPATH
path= $JAVA _home/bin: $JRE _home/bin: $PATH
export java_home jre_home PATH CLASSPATH
Apply Environment variables
[Root@localhost ~]# Source/etc/profile
Detection success, display version description successful
[Root@localhost ~]# Java-version
2. Tomcat installation Configuration
Unzip and install to/usr/local/tomcat
[Root@localhost ~]# tar zxvf apache-tomcat-8.0.37.tar.gz
[root@localhost ~]# MV apache-tomcat-8.0.37/usr/local/ Tomcat
The default tomcat is run as root, which is not secure, and this setting allows ordinary users to run
[Root@localhost ~]# groupadd Tomcat
[root@localhost ~]# useradd-g Tomcat Tomcat
[root@localhost ~]# passwd TOMCA T
[root@localhost ~]# chown tomcat.tomcat-r/usr/local/tomcat
Run Tomcat
[Root@localhost ~]# su-tomcat/usr/local/tomcat/bin/startup.sh
Setting up Boot
[Root@localhost ~]# echo "su-tomcat/usr/local/tomcat/bin/startup.sh" >>/etc/rc.local
3, Nginx installation configuration
Configure Nginx Users
[Root@localhost ~]# groupadd nginx
[root@localhost ~]# useradd-g nginx-s/sbin/nologin-Nginx
Install Dependency Pack
[root@localhost ~]# yum-y install zlib zlib-devel OpenSSL openssl-devel pcre pcre-devel gcc gcc-c++
Unzip and enter the folder
[Root@localhost ~]# tar zxvf nginx-1.10.1.tar.gz
[root@localhost ~]# CD nginx-1.10.1
Configure installation
[Root@localhost nginx-1.10.1]#./configure--prefix=/usr/local/nginx--with-http_ssl_module--with-http_gzip_static _module--with-http_stub_status_module
[root@localhost nginx-1.10.1]# make && make install
Configure Nginx
[Root@localhost ~]# vi/usr/local/nginx/conf/nginx.conf
This step requires that you manually place SSL certificates into the/usr/local/nginx/conf/directory, CERT.CRT and Cert.key files, respectively
If the certificate file is in another format, you can search for the conversion method yourself
If you do not need to configure HTTPS, change port 443
nginx The primary configuration file
User Nginx;
Worker_processes 1;
Error_log Logs/error.log;
PID Logs/nginx.pid; events {use Epoll; worker_connections 1024} http {include mime.types; Default_type Application/octet-stream; Log_forma T main ' $remote _addr-$remote _user [$time _local] "$request" "$status $body _bytes_sent" $http _referer "" "$http _user_ag
Ent "" $http _x_forwarded_for "";
Access_log Logs/access.log Main;
Proxy_redirect off;
Proxy_set_header Host $host;
Proxy_set_header X-real-ip $remote _addr;
Proxy_set_header x-forwarded-for $proxy _add_x_forwarded_for;
Client_max_body_size 10m;
Client_body_buffer_size 128k;
Proxy_connect_timeout 90;
Proxy_send_timeout 90;
Proxy_read_timeout 90;
Proxy_buffer_size 4k;
Proxy_buffers 6 32k;
Proxy_busy_buffers_size 64k;
Proxy_temp_file_write_size 64k;
Sendfile on;
Keepalive_timeout 65;
gzip on;
Gzip_min_length 1k;
Gzip_buffers 4 16k;
Gzip_http_version 1.0;
Gzip_comp_level 2;
Gzip_types Text/plain application/x-javascripttext/css Application/xml;
Gzip_vary on; server {Listen 80; server_name www.domain.com; #修改域名 return https://$server _name$request_uri; #强制跳转443端口} server {listen 443 SSL; server_name www.domain.com; #修改域名 ssl_certificate cert.crt; #导入证书 Ssl_certificate_ke Y Cert.key;
#导入证书 Ssl_session_cache shared:ssl:1m;
Ssl_session_timeout 5m; Ssl_ciphers high:!anull:!
MD5;
Ssl_prefer_server_ciphers on; Location/{root/usr/local/tomcat/webapps/root; index index.html index.jsp index.htm} location ~ *.jsp$ {Index Index
. jsp;
Proxy_pass http://127.0.0.1:8080; } location/nginxstatus {stub_status on; Access_log on; Auth_basic "Nginxstatus"; Auth_basic_user_file/usr/local/nagois
/etc/htpasswd.users;
} error_page 404/404.html;
Error_page 502 503 504/50x.html;
Location =/50x.html {root html;}} }
Start the server
/usr/local/nginx/sbin/nginx
The kitten is successful when the browser is visited.
The above is a small set to introduce the NGINX+TOMCAT+HTTPS server load balanced configuration practice solution, I hope to help you, if you have any questions please give me a message, small series will promptly reply to everyone. Here also thank you very much for the cloud Habitat Community website support!