Centos6.x/Centos7.x都可用,tomcat此时已经启动,两个项目端口为8080,8082
yum install openssl nginx -y
#生成一个RSA私钥
openssl genrsa -des3 -out server.key 2048
#des3 是算法
#2048 位数/强度
#server.key 密钥文件名
#-out:生成文件的路径和名称
openssl req -new -key server.key -out server.csr
#-key:指定ca私钥
#-out: server.csr 生成证书文件
#要求填入以下信息:
Country Name (2 letter code) []:CN // 国家
State or Province Name (full name) []:BJ // 省份
Locality Name (eg, city) []:BJ // 城市
Organization Name (eg, company) []:bj // 组织机构
Organizational Unit Name (eg, section) []:bj // 机构部门
Common Name (eg, fully qualified host name) []:XXXX.com // 域名
Email Address []:[email protected] // 邮箱地址
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []: // 证书密码,不设密码回车
#生成两个文件server.key server.csr
#生成CA证书
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
#x509: 指定格式
#-in: 指定请求文件
#-signkey: 自签名
#生成了一个文件为server.crt
cp server.key server.csr server.crt /etc/nginx
vim /etc/nginx/conf.d/default.conf
upstream xxxx_upstream {
server 127.0.0.1:8082;
}
upstream yyyy_upstream {
server 127.0.0.1:8080;
}
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name 你的域名;
root /usr/share/nginx/html;
# Load configuration files for the default server block.
include /etc/nginx/default.d/*.conf;
location / {
}
location /xxxx {
proxy_set_header Host $http_host;
proxy_set_header X-Real-Ip $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_pass http://xxxx_upstream/xxxx;
}
location /yyyy {
proxy_set_header Host $http_host;
proxy_set_header X-Real-Ip $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_pass http://yyyy_upstream/yyyy;
}
error_page 404 /404.html;
location = /40x.html {
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
}
}
server{
listen 443;
server_name 你的域名;
ssl on;
root /usr/share/nginx/html;
ssl_certificate server.crt;
ssl_certificate_key server.key;
location /xxxx {
proxy_set_header Host $http_host;
proxy_set_header X-Real-Ip $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_pass http://xxxx_upstream/xxxx;
}
location /yyyy {
proxy_set_header Host $http_host;
proxy_set_header X-Real-Ip $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_pass http://yyyy_upstream/yyyy;
}
}
注:以上配置文件中的xxxx,yyyy请自行替换自己对应的路径,复制粘贴的时候格式需要自己对齐
nginx -t
nginx -s reload
#可以使用https+域名访问了
#亲测无坑!