tomcat与nginx的整合&nginx 配置https
2015-10-23 15:48
525 查看
一.安装Tomcat和jdk 1.安装jdk # tar xvf jdk1.6.0_11.tar # mv jdk1.6.0_11 /usr/local/ 配置环境变量 # vim /etc/profile 添加 JAVA_HOME=/usr/local/jdk1.6.0_11 export JAVA_HOME CLASSPATH=.:$JAVA_HOME/lib/tools.jar:$JAVA_HOME/lib/dt.jar export CLASSPATH PATH=$JAVA_HOME/bin:$PATH export PATH # sourse /etc/profile # echo $JAVA_HOME /usr/local/jdk1.6.0_11 2.安装tomcat # tar zxvf apache-tomcat-6.0.29.tar.gz # mv apache-tomcat-6.0.29 /usr/local/tomcat6 3.启动tomcat # /usr/local/tomcat6/bin/startup.sh Using CATALINA_BASE: /usr/local/tomcat6 Using CATALINA_HOME: /usr/local/tomcat6 Using CATALINA_TMPDIR: /usr/local/tomcat6/temp Using JRE_HOME: /usr/local/jdk1.6.0_11 # ps aux | grep tomcat root 12717 0.5 12.3 220452 31588 pts/0 Sl 19:24 0:02 /usr/local/jdk1.6.0_11/bin/java -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Djava.util.logging.config.file=/usr/local/tomcat6/conf/logging.properties -Djava.endorsed.dirs=/usr/local/tomcat6/endorsed -classpath :/usr/local/tomcat6/bin/bootstrap.jar -Dcatalina.base=/usr/local/tomcat6 -Dcatalina.home=/usr/local/tomcat6 -Djava.io.tmpdir=/usr/local/tomcat6/temp org.apache.catalina.startup.Bootstrap start root 13187 0.0 0.2 5072 708 pts/0 R+ 19:31 0:00 grep tomcat 启动成功! 4.访问测试 http://192.168.2.150:8080 会看到tomcat的主页 5.修改配置文件 # pwd /usr/local/tomcat6/conf # vim server.xml <Connector port="8080" protocol="HTTP/1.1" 端口设置 <Host name="localhost" appBase="webapps" 家目录,页面文件要放在webapps/ROOT下面 将家目录改成/www/web/ <Host name="localhost" appBase="/www/web" # mkdir -p /www/web/ROOT # vim /www/web/ROOT/index.jsp Hello,tomcat home! 重启tomcat,再次访问 改变访问 改变家目录的访问默认文件 # vim web.xml <welcome-file-list> <welcome-file>index.html</welcome-file> <welcome-file>index.htm</welcome-file> <welcome-file>index.jsp</welcome-file> </welcome-file-list> 二.nginx安装配置 1.安装支持正则的pcre模块 # rpm -ivh pcre-devel-6.6-2.el5_1.7.i386.rpm 2.安装nginx # tar zxvf nginx-0.7.62.tar.gz # cd nginx-0.7.62 # ./configure --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module # make # make install 3.启动nginx # /usr/local/nginx/sbin/nginx 4.访问nginx(默认为80端口) http://192.168.2.150 三.nginx与tomcat整合 1. 在/usr/local/nginx/conf下面添加文件proxy.conf # cat /usr/local/nginx/confg/proxy.conf proxy_redirect off; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; #获取真实IP #proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; #获取代理者的真实ip client_max_body_size 10m; client_body_buffer_size 128k; proxy_connect_timeout 90; proxy_send_timeout 90; proxy_read_timeout 90; proxy_buffer_size 4k; proxy_buffers 4 32k; proxy_busy_buffers_size 64k; proxy_temp_file_write_size 64k; 2.配置nginx.conf # cat /usr/local/nginx/confg/nginx.conf user www www; worker_processes 1; pid /usr/local/nginx/logs/nginx.pid; events { use epoll; worker_connections 1024; } http { include mime.types; default_type application/octet-stream; include /usr/local/nginx/conf/proxy.conf; #一定要指向代理文件 sendfile on; tcp_nopush on; keepalive_timeout 65; server { listen 80; server_name localhost; charset gb2312; location / { root /www/web/ROOT; index index.html index.htm; } location ~ .*.jsp$ { #匹配以jsp结尾的,tomcat的网页文件是以jsp结尾 index index.jsp; proxy_pass http://127.0.0.1:8080; #主要在这里,设置一个代理 } location /nginxstatus { stub_status on; access_log on; auth_basic "nginxstatus"; auth_basic_user_file /usr/local/nagois/etc/htpasswd.users; } # redirect server error pages to the static page /50x.html error_page 500 502 503 504 /50x.html; location = /50x.html { root html; } } } 3.测试 在/www/web/ROOT下添加文件index.html # cat index.html the port:80 重启nginx http://192.168.2.150 http://192.168.2.150:8080 http://192.168.2.150/index.jsp |
nginx 配置https同事测试一ssl加密接口,但是负责该接口的同事有事请假了没在,所以我就临时给配置了一个https服务,写了一个简单接口供同事使用,配置nginx的https记录一下:一、生成私钥和证书 创建带密钥口令的私钥 root@mysqlmaster:/tmp# openssl genrsa -des3 -out ng.key 1024 Generating RSA private key, 1024 bit long modulus ........++++++ ...........................................++++++ e is 65537 (0x10001) Enter pass phrase for ng.key: 输入口令 Verifying - Enter pass phrase for ng.key: 确认口令 二、创建csr文件 root@mysqlmaster:/tmp# openssl req -new -key ng.key -out ng.csr Enter pass phrase for ng.key: You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [AU]:国家 如cn,hk State or Province Name (full name) [Some-State]:州或省的名称 如Beijing Locality Name (eg, city) []:什么地方级别,是城市还是乡镇 Organization Name (eg, company) [Internet Widgits Pty Ltd]:什么组织,如公司,政府 Organizational Unit Name (eg, section) []:组织单位名称 Common Name (eg, YOUR name) []:名字 Email Address []:邮件地址 Please enter the following 'extra' attributes 额外信息 to be sent with your certificate request A challenge password []: 复杂密码 An optional company name []: 1,创建私钥(去除密钥口令) openssl rsa -in ng.key -out server.key 输入口令 2,创建CA证书 openssl req -new -x509 -days 3650 -key server.key -out server.crt You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [AU]: State or Province Name (full name) [Some-State]: Locality Name (eg, city) []: Organization Name (eg, company) [Internet Widgits Pty Ltd]: Organizational Unit Name (eg, section) []: Common Name (eg, YOUR name) []: Email Address []: 和上面的步骤差不多,根据提示输入证书的信息,国家,管理人邮件,姓名,城市等 三、修改nginx配置文件 root@mysqlmaster:/tmp# cp server.crt server.key /etc/nginx/ 默认需要证书放到nginx/conf/目录,那么 vi /etc/nginx/nginx.conf 增加 server{ listen 443; server_name localhost; ssl on; ssl_certificate server.crt; #证书 ssl_certificate_key server.key; #私钥 location / { root html; index index.html index.htm; } } root@mysqlmaster:/tmp# service nginx restart 重启服务 #Nginx |
相关文章推荐
- LXC 配置网络
- 百度云管家上传大文件网络异常时自动重启
- Delete All Umbraco Members by SQL Script (转自http://staheri.com/my-blog/2015/july/delete-all-umbraco-members-by-sql-script/)
- python http请求
- 网络端口扫描技术详细介绍
- 阮一峰的网络日志 ---技术博客
- 神经网络算法
- TCP/IP、Http、Socket的区别
- 使用AsyncTask 实现网络请求及PullToRefreshListView下拉刷新
- 人工神经网络总结
- [php] thinkphp基于Http类 下载文件
- HttpClient中的 Get 和 Post (一个待优化的WebUtil)
- HTTPS
- This request has been blocked; the content must be served over HTTPS.
- httpclient4.5 的一些细节
- android使用asynchttp网络请求服务器返回json数据并显示在手机
- http://www.cnblogs.com/puresoul/p/4828913.html
- HTTP Header 详解
- POJ 2391 最大流 二分 拆点 floyd
- wireshark添加tcp.stream列