我就直接干活不废话:

配置文件nginx, nginx.conf

#user nobody;
worker_processes 1;

#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;

#pid logs/nginx.pid;

events {
worker_connections 1024;
}

http {
include mime.types;
default_type application/octet-stream;

#log_format main '$remote_addr - $remote_user [$time_local] "$request" '
# '$status $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for"';

#access_log logs/access.log main;

sendfile on;
#tcp_nopush on;

#keepalive_timeout 0;
keepalive_timeout 65;

#gzip on;

upstream zrlog_com
{

server localhost:9999; //tomcat的IP: 端口号
}
server
{
listen 443 ssl;
server_name   域名或IP:端口号;
ssl on;

ssl_certificate /home/cert/4512926_nei.hantaitour.com.pem;
ssl_certificate_key /home/cert/4512926_nei.hantaitour.com.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers AESGCM:ALL:!DH:!EXPORT:!RC4:+HIGH:!MEDIUM:!LOW:!aNULL:!eNULL;
ssl_prefer_server_ciphers on;

location /
{
proxy_pass http://zrlog_com/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}

}

大家一定要注意tomcat的配置文件,很重要!!!

<?xml version='1.0' encoding='utf-8'?>
<!--
Licensed to the Apache Software Foundation (ASF) under one or more
contributor license agreements. See the NOTICE file distributed with
this work for additional information regarding copyright ownership.
The ASF licenses this file to You under the Apache License, Version 2.0
(the "License"); you may not use this file except in compliance with
the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<!-- Note: A "Server" is not itself a "Container", so you may not
define subcomponents such as "Valves" at this level.
Documentation at /docs/config/server.html
-->
<Server port="8005" shutdown="SHUTDOWN">
<Listener className="org.apache.catalina.startup.VersionLoggerListener" />
<!-- Security listener. Documentation at /docs/config/listeners.html
<Listener className="org.apache.catalina.security.SecurityListener" />
-->
<!--APR library loader. Documentation at /docs/apr.html -->
<Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
<!-- Prevent memory leaks due to use of particular java/javax APIs-->
<Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
<Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
<Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />

<!-- Global JNDI resources
Documentation at /docs/jndi-resources-howto.html
-->
<GlobalNamingResources>
<!-- Editable user database that can also be used by
UserDatabaseRealm to authenticate users
-->
<Resource name="UserDatabase" auth="Container"
type="org.apache.catalina.UserDatabase"
description="User database that can be updated and saved"
factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
pathname="conf/tomcat-users.xml" />
</GlobalNamingResources>

<!-- A "Service" is a collection of one or more "Connectors" that share
a single "Container" Note: A "Service" is not itself a "Container",
so you may not define subcomponents such as "Valves" at this level.
Documentation at /docs/config/service.html
-->
<Service name="Catalina">

<!--The connectors can use a shared executor, you can define one or more named thread pools-->
<!--
<Executor name="tomcatThreadPool" namePrefix="catalina-exec-"
maxThreads="150" minSpareThreads="4"/>
-->

<!-- A "Connector" represents an endpoint by which requests are received
and responses are returned. Documentation at :
Java HTTP Connector: /docs/config/http.html (blocking & non-blocking)
Java AJP Connector: /docs/config/ajp.html
APR (HTTP/AJP) Connector: /docs/apr.html
Define a non-SSL/TLS HTTP/1.1 Connector on port 8080
-->

<!---很重要我想说一定不要用默认8080端口,傻子都知道8080---->
<Connector port="9999" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="443" />
<!-- A "Connector" using the shared thread pool-->
<!--
<Connector executor="tomcatThreadPool"
port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443" />
-->
<!-- Define a SSL/TLS HTTP/1.1 Connector on port 8443
This connector uses the NIO implementation that requires the JSSE
style configuration. When using the APR/native implementation, the
OpenSSL style configuration is required as described in the APR/native
documentation -->
<!--
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" />
-->

<!-- Define an AJP 1.3 Connector on port 8009 -->
<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />

<!-- An Engine represents the entry point (within Catalina) that processes
every request. The Engine implementation for Tomcat stand alone
analyzes the HTTP headers included with the request, and passes them
on to the appropriate Host (virtual host).
Documentation at /docs/config/engine.html -->

<!-- You should set jvmRoute to support load-balancing via AJP ie :
<Engine name="Catalina" defaultHost="localhost" jvmRoute="jvm1">
-->
<Engine name="Catalina" defaultHost="localhost">

<!--For clustering, please take a look at documentation at:
/docs/cluster-howto.html (simple how to)
/docs/config/cluster.html (reference documentation) -->
<!--
<Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster"/>
-->

<!-- Use the LockOutRealm to prevent attempts to guess user passwords
via a brute-force attack -->
<Realm className="org.apache.catalina.realm.LockOutRealm">
<!-- This Realm uses the UserDatabase configured in the global JNDI
resources under the key "UserDatabase". Any edits
that are performed against this UserDatabase are immediately
available for use by the Realm. -->
<Realm className="org.apache.catalina.realm.UserDatabaseRealm"
resourceName="UserDatabase"/>
</Realm>

<Host name="localhost" appBase="webapps"
unpackWARs="true" autoDeploy="true">

<!---很重要它可以将你默认访问的指向到当前项目里面,代理访问后直接指向你的项目---->
<Context path="" docBase="webapps里面你的项目名称" reloadable="true" debug="0" privileged="true">
</Context>
<!-- SingleSignOn valve, share authentication between web applications
Documentation at: /docs/config/valve.html -->
<!--
<Valve className="org.apache.catalina.authenticator.SingleSignOn" />
-->

<!-- Access log processes all example.
Documentation at: /docs/config/valve.html
Note: The pattern used is equivalent to using pattern="common" -->
<Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
prefix="localhost_access_log" suffix=".txt"
pattern="%h %l %u %t &quot;%r&quot; %s %b" />

</Host>

<!---很重要它可以知道nginx 请求是https---->
<Valve className="org.apache.catalina.valves.RemoteIpValve" remoteIpHeader="X-Forwarded-For" protocolHeader="X-Forwarded-Proto" protocolHeaderHttpsValue="https" />
</Engine>
</Service>
</Server>

每次启动项目时候,请你先清除tomcat的work缓存,不然你很难受!!!

Linux 配置nginx 代理tomcat,配置ssl的更多相关文章

  1. Nginx总结(五)如何配置nginx和tomcat实现反向代理

    前面讲了如何配置Nginx虚拟主机,大家可以去这里看看nginx系列文章:https://www.cnblogs.com/zhangweizhong/category/1529997.html 今天要 ...

  2. 如何配置nginx和tomcat实现反向代理?

    什么是反向代理         通常的代理服务器,只用于代理内部网络对Internet的连接请求,客户机必须指定代理服务器,并将本来要直接发送到Web服务器上的http请求发送到代理服务器中由代理服务 ...

  3. Linux中Nginx安装与配置详解

    转载自:http://www.linuxidc.com/Linux/2016-08/134110.htm Linux中Nginx安装与配置详解(CentOS-6.5:nginx-1.5.0). 1 N ...

  4. Nginx、Tomcat配置https

    一.Nginx.Tomcat配置https 前提就是已经得到了CA机构颁发的证书 一.合并证书 1.假设证书文件如下 秘钥文件server.key,证书CACertificate-INTERMEDIA ...

  5. Linux配置tomcat (centos配置java环境 tomcat配置篇 总结三)

    ♣下载安装tomcat7 ♣设置启动和关闭 ♣设置用户名和密码 ♣发布java web项目 声明:这篇教程是建立在前两篇教程的基础上的,所以,还没安装工具和jdk,可以先看这个系列的前面两篇(去到文末 ...

  6. ELK快速入门(五)配置nginx代理kibana

    ELK快速入门五-配置nginx代理kibana 由于kibana界面默认没有安全认证界面,为了保证安全,通过nginx进行代理并设置访问认证. 配置kibana [root@linux-elk1 ~ ...

  7. nginx代理路径配置总结

    一.发现问题 配置nginx代理的时候,发现location配置的路径和代理的上下文路径的组合不同,服务端接收到的uri的路径不同,导致了controller的RequestMapping匹配出现问题 ...

  8. nginx代理tomcat

    http://blog.csdn.net/kongqz/article/details/6838989 http://www.800l.com/linux-nginx-tomcat-jdk.html ...

  9. nginx代理tomcat后,tomcat获取真实(非proxy,非别名)nginx服务端ip端口的解决方案

    nginx代理tomcat后,tomcat获取服务端ip端口的解决方案 1.注意修改nginx配置代理,标红地方 #user nginx; worker_processes ; error_log l ...

  10. Ansible实战之Nginx代理Tomcat主机架构

    author:JevonWei 版权声明:原创作品 实验架构:一台nginx主机为后端两台tomcat主机的代理,并使用Ansible主机配置 实验环境 Nginx 172.16.252.82 Tom ...

随机推荐

  1. jar打包exe选型

    网上一搜有篇文章写了9中不同工具方法,最后使用launch4j,其实就一点开源免费. launch4j>bsd3协议(可免费商用),像exe4j需要license. 经过摸索终于搞定一键启动并且 ...

  2. zookeeper 选举流程源码解析

    在开始之前,我们先了解一下zookeeper集群角色,zookeeper中存在leader,follower, observer这么几个角色, leader, follower, 就类似与mysql ...

  3. C#中检测代码执行时间

    使用System.Diagnostics.Stopwatch, using System; using System.Diagnostics; using System.Threading; clas ...

  4. RSA 非对称加密

    原文链接:https://www.jianshu.com/p/d56a72013392 RSA 是一种非对称加密算法,在实际业务中经常使用此算法对数据进行加密.但是它的加解密速度较慢,不太适用于高并发 ...

  5. docker的使用以及常用命令

    查看docker镜像仓库中是否存在某个镜像,通常第一个或stars最多的就是我们要是使用的,以nginx为例 # 搜索一下是否存在该镜像文件 docker search nginx # 安装使用该镜像 ...

  6. Docker内容总结

    Docker内容总结目录什么是Docker?Docker的应用场景有哪些?Docker的优点有哪些?Docker与虚拟机的区别是什么?Docker的三大核心是什么?如何快速安装Docker?如何修改D ...

  7. PyMySQL更新

    title: PyMySQL更新 author: 杨晓东 permalink: PyMySQL更新 date: 2021-10-02 11:27:04 categories: - 投篮 tags: - ...

  8. 洛谷 P4454 [CQOI2018]破解D-H协议

    题目 https://www.luogu.com.cn/problem/P4454 杂题乱做ing... 思路 首先我们把式子列一下: \(g^a\equiv A(mod P)\) \(g^b\equ ...

  9. WPF侧边导航栏实现

    一.先看效果 1 添加Nuget库 站长使用.Net Core 3.1创建的WPF工程,创建"DropDownMenu"解决方案后,需要添加两个Nuget库:MaterialDes ...

  10. 方法综合练习:out、params、ref

    using System; namespace ConsoleApp1 { class Program { /// <summary> /// 求两个参数之间的最大值 /// </s ...