我就直接干活不废话:

配置文件nginx, nginx.conf

#user nobody;
worker_processes 1;

#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;

#pid logs/nginx.pid;

events {
worker_connections 1024;
}

http {
include mime.types;
default_type application/octet-stream;

#log_format main '$remote_addr - $remote_user [$time_local] "$request" '
# '$status $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for"';

#access_log logs/access.log main;

sendfile on;
#tcp_nopush on;

#keepalive_timeout 0;
keepalive_timeout 65;

#gzip on;

upstream zrlog_com
{

server localhost:9999; //tomcat的IP: 端口号
}
server
{
listen 443 ssl;
server_name   域名或IP:端口号;
ssl on;

ssl_certificate /home/cert/4512926_nei.hantaitour.com.pem;
ssl_certificate_key /home/cert/4512926_nei.hantaitour.com.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers AESGCM:ALL:!DH:!EXPORT:!RC4:+HIGH:!MEDIUM:!LOW:!aNULL:!eNULL;
ssl_prefer_server_ciphers on;

location /
{
proxy_pass http://zrlog_com/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}

}

大家一定要注意tomcat的配置文件,很重要!!!

<?xml version='1.0' encoding='utf-8'?>
<!--
Licensed to the Apache Software Foundation (ASF) under one or more
contributor license agreements. See the NOTICE file distributed with
this work for additional information regarding copyright ownership.
The ASF licenses this file to You under the Apache License, Version 2.0
(the "License"); you may not use this file except in compliance with
the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<!-- Note: A "Server" is not itself a "Container", so you may not
define subcomponents such as "Valves" at this level.
Documentation at /docs/config/server.html
-->
<Server port="8005" shutdown="SHUTDOWN">
<Listener className="org.apache.catalina.startup.VersionLoggerListener" />
<!-- Security listener. Documentation at /docs/config/listeners.html
<Listener className="org.apache.catalina.security.SecurityListener" />
-->
<!--APR library loader. Documentation at /docs/apr.html -->
<Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
<!-- Prevent memory leaks due to use of particular java/javax APIs-->
<Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
<Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
<Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />

<!-- Global JNDI resources
Documentation at /docs/jndi-resources-howto.html
-->
<GlobalNamingResources>
<!-- Editable user database that can also be used by
UserDatabaseRealm to authenticate users
-->
<Resource name="UserDatabase" auth="Container"
type="org.apache.catalina.UserDatabase"
description="User database that can be updated and saved"
factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
pathname="conf/tomcat-users.xml" />
</GlobalNamingResources>

<!-- A "Service" is a collection of one or more "Connectors" that share
a single "Container" Note: A "Service" is not itself a "Container",
so you may not define subcomponents such as "Valves" at this level.
Documentation at /docs/config/service.html
-->
<Service name="Catalina">

<!--The connectors can use a shared executor, you can define one or more named thread pools-->
<!--
<Executor name="tomcatThreadPool" namePrefix="catalina-exec-"
maxThreads="150" minSpareThreads="4"/>
-->

<!-- A "Connector" represents an endpoint by which requests are received
and responses are returned. Documentation at :
Java HTTP Connector: /docs/config/http.html (blocking & non-blocking)
Java AJP Connector: /docs/config/ajp.html
APR (HTTP/AJP) Connector: /docs/apr.html
Define a non-SSL/TLS HTTP/1.1 Connector on port 8080
-->

<!---很重要我想说一定不要用默认8080端口,傻子都知道8080---->
<Connector port="9999" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="443" />
<!-- A "Connector" using the shared thread pool-->
<!--
<Connector executor="tomcatThreadPool"
port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443" />
-->
<!-- Define a SSL/TLS HTTP/1.1 Connector on port 8443
This connector uses the NIO implementation that requires the JSSE
style configuration. When using the APR/native implementation, the
OpenSSL style configuration is required as described in the APR/native
documentation -->
<!--
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" />
-->

<!-- Define an AJP 1.3 Connector on port 8009 -->
<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />

<!-- An Engine represents the entry point (within Catalina) that processes
every request. The Engine implementation for Tomcat stand alone
analyzes the HTTP headers included with the request, and passes them
on to the appropriate Host (virtual host).
Documentation at /docs/config/engine.html -->

<!-- You should set jvmRoute to support load-balancing via AJP ie :
<Engine name="Catalina" defaultHost="localhost" jvmRoute="jvm1">
-->
<Engine name="Catalina" defaultHost="localhost">

<!--For clustering, please take a look at documentation at:
/docs/cluster-howto.html (simple how to)
/docs/config/cluster.html (reference documentation) -->
<!--
<Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster"/>
-->

<!-- Use the LockOutRealm to prevent attempts to guess user passwords
via a brute-force attack -->
<Realm className="org.apache.catalina.realm.LockOutRealm">
<!-- This Realm uses the UserDatabase configured in the global JNDI
resources under the key "UserDatabase". Any edits
that are performed against this UserDatabase are immediately
available for use by the Realm. -->
<Realm className="org.apache.catalina.realm.UserDatabaseRealm"
resourceName="UserDatabase"/>
</Realm>

<Host name="localhost" appBase="webapps"
unpackWARs="true" autoDeploy="true">

<!---很重要它可以将你默认访问的指向到当前项目里面,代理访问后直接指向你的项目---->
<Context path="" docBase="webapps里面你的项目名称" reloadable="true" debug="0" privileged="true">
</Context>
<!-- SingleSignOn valve, share authentication between web applications
Documentation at: /docs/config/valve.html -->
<!--
<Valve className="org.apache.catalina.authenticator.SingleSignOn" />
-->

<!-- Access log processes all example.
Documentation at: /docs/config/valve.html
Note: The pattern used is equivalent to using pattern="common" -->
<Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
prefix="localhost_access_log" suffix=".txt"
pattern="%h %l %u %t &quot;%r&quot; %s %b" />

</Host>

<!---很重要它可以知道nginx 请求是https---->
<Valve className="org.apache.catalina.valves.RemoteIpValve" remoteIpHeader="X-Forwarded-For" protocolHeader="X-Forwarded-Proto" protocolHeaderHttpsValue="https" />
</Engine>
</Service>
</Server>

每次启动项目时候,请你先清除tomcat的work缓存,不然你很难受!!!

Linux 配置nginx 代理tomcat,配置ssl的更多相关文章

  1. Nginx总结(五)如何配置nginx和tomcat实现反向代理

    前面讲了如何配置Nginx虚拟主机,大家可以去这里看看nginx系列文章:https://www.cnblogs.com/zhangweizhong/category/1529997.html 今天要 ...

  2. 如何配置nginx和tomcat实现反向代理?

    什么是反向代理         通常的代理服务器,只用于代理内部网络对Internet的连接请求,客户机必须指定代理服务器,并将本来要直接发送到Web服务器上的http请求发送到代理服务器中由代理服务 ...

  3. Linux中Nginx安装与配置详解

    转载自:http://www.linuxidc.com/Linux/2016-08/134110.htm Linux中Nginx安装与配置详解(CentOS-6.5:nginx-1.5.0). 1 N ...

  4. Nginx、Tomcat配置https

    一.Nginx.Tomcat配置https 前提就是已经得到了CA机构颁发的证书 一.合并证书 1.假设证书文件如下 秘钥文件server.key,证书CACertificate-INTERMEDIA ...

  5. Linux配置tomcat (centos配置java环境 tomcat配置篇 总结三)

    ♣下载安装tomcat7 ♣设置启动和关闭 ♣设置用户名和密码 ♣发布java web项目 声明:这篇教程是建立在前两篇教程的基础上的,所以,还没安装工具和jdk,可以先看这个系列的前面两篇(去到文末 ...

  6. ELK快速入门(五)配置nginx代理kibana

    ELK快速入门五-配置nginx代理kibana 由于kibana界面默认没有安全认证界面,为了保证安全,通过nginx进行代理并设置访问认证. 配置kibana [root@linux-elk1 ~ ...

  7. nginx代理路径配置总结

    一.发现问题 配置nginx代理的时候,发现location配置的路径和代理的上下文路径的组合不同,服务端接收到的uri的路径不同,导致了controller的RequestMapping匹配出现问题 ...

  8. nginx代理tomcat

    http://blog.csdn.net/kongqz/article/details/6838989 http://www.800l.com/linux-nginx-tomcat-jdk.html ...

  9. nginx代理tomcat后,tomcat获取真实(非proxy,非别名)nginx服务端ip端口的解决方案

    nginx代理tomcat后,tomcat获取服务端ip端口的解决方案 1.注意修改nginx配置代理,标红地方 #user nginx; worker_processes ; error_log l ...

  10. Ansible实战之Nginx代理Tomcat主机架构

    author:JevonWei 版权声明:原创作品 实验架构:一台nginx主机为后端两台tomcat主机的代理,并使用Ansible主机配置 实验环境 Nginx 172.16.252.82 Tom ...

随机推荐

  1. VMware vSphere Client(4.1/5.0/5.1/5.5/6.0) 客户端下载地址

    前言 VMware作为商业虚拟化方案的佼佼者不知不觉中已经成长为一颗苍天大树,面对OpenStack和Docker的夹击希望VMware可以继续勇往直前,从vSphere 6.5开始终于彻底告别Cli ...

  2. NSQ(8)-有赞相关改进

    如何保证消息队列的高可用(HA) NSQ 本身就是一个分布式消息队列,且支持水平扩展,无单点故障,能在无中断的情况下无缝添加集群结点. nsq用到了集群去保证整个服务的高可用,但并不能保证单个topi ...

  3. 修改 Ubuntu 的软件源

    1.将 /etc/apt/ 路径下的 sources.list 的内容修改为如下内容(此内容为 Ubuntu Kylin 里面的内容,直接拿过来用,也可以用其它的国内的源). deb http://m ...

  4. leedcode题目 :罗马数字转整数 Java

    罗马数字包含以下七种字符: I, V, X, L,C,D 和 M. 例如, 罗马数字 2 写做 II ,即为两个并列的 1.12 写做 XII ,即为 X + II . 27 写做  XXVII, 即 ...

  5. PyTables学习 (数据保存形式,对象树结构)

    参考自http://www.pytables.org/usersguide/introduction.html PyTables的主要目的是提供一个好的操作HDF5文件的方法. HDF文件是分层数据格 ...

  6. object-fit: cover;

    加上之后,改变宽高,图片还是原来的比例 没加上的话,改变宽高,图片会跟着伸缩变形.

  7. as8051入门

    汇编例子 MAIN: MOV R0, #16 MOV R1, #16 LOOP: MOV A, R1 MOV @R0,A MOV A,0x0 MOV A, @R0 MOV SBUF, A INC R0 ...

  8. Little Girl and Maximum Sum CodeForces - 276C - 差分

    给定一个数列 \(a= { a_1,a_2,...,a_n }\) 以及 \(q\) 次查询. 其中第 \(i\) 次查询如同:\(l_i, r_i\),意指求 \(\sum_{j=l_i}^{r_i ...

  9. Eureka服务端创建及服务注册

    一.Eureka服务端创建 1. 引入依赖:pom.xml <!-- eureka 服务端 --> <dependency> <groupId>org.spring ...

  10. ES6 - 参数默认值

    1.形参初始值, 具有默认值的参数,一般位置要靠后(潜规则) function add(a,b,c=10){ return a + b + c; } let resutl = add(1,2); // ...