
(https)nginx - tomcat(http)

2017-05-19 10:26

Lab topology


Configuring the Nginx server

Build Nginx with the SSL module

[root@xuegod175 nginx-1.8.0]# ./configure  --with-http_ssl_module  --with-pcre=/usr/local/src/pcre-8.37
[root@xuegod175 nginx-1.8.0]# make
[root@xuegod175 nginx-1.8.0]# make install
[root@xuegod175 nginx-1.8.0]# cd /usr/local/nginx/conf/

Generating the key and certificate with OpenSSL

[root@xuegod175 conf]# openssl genrsa -des3 -out server.key 1024
Generating RSA private key, 1024 bit long modulus
..................................++++++
..........................................................++++++
e is 65537 (0x10001)
Enter pass phrase for server.key:
Verifying - Enter pass phrase for server.key:
[root@xuegod175 conf]# openssl req -new -key server.key -out server.csr
Enter pass phrase for server.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.

Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:BEIJING
Locality Name (eg, city) [Default City]:BEIJING
Organization Name (eg, company) [Default Company Ltd]:GNNT
Organizational Unit Name (eg, section) []:xuegod175.cn
Common Name (eg, your name or your server's hostname) []:xuegod175.cn
Email Address []:2444383196@qq.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:123456
An optional company name []:GNNT
[root@xuegod175 conf]# openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
Signature ok
subject=/C=CN/ST=BEIJING/L=BEIJING/O=GNNT/OU=xuegod175.cn/CN=xuegod175.cn/emailAddress=2444383196@qq.com
Getting Private key
Enter pass phrase for server.key:

Configuring the Nginx server for HTTPS

[root@xuegod175 conf]# egrep -v  "#|^$" nginx.conf >nginx.conf.bak
[root@xuegod175 conf]# cp nginx.conf.bak  nginx.conf
cp: overwrite `nginx.conf'? yes
[root@xuegod175 conf]# cat nginx.conf
user nginx nginx;
worker_processes  1;
events {
    worker_connections  1024;
}
http {
    include       mime.types;
    default_type  application/octet-stream;
    sendfile        on;
    keepalive_timeout  65;
    server {
        listen         443 ssl;
        server_name    xuegod175.cn;                                # domain name
        ssl_certificate      /usr/local/nginx/conf/server.crt;      # certificate path
        ssl_certificate_key   /usr/local/nginx/conf/server.key;     # private key path
        ssl_session_cache    shared:SSL:1m;     # type and size of the SSL session cache
        ssl_session_timeout  5m;                # session expiry time
        ssl_ciphers  HIGH:!aNULL:!MD5;          # list of ciphers the server allows for secure connections
        ssl_prefer_server_ciphers  on;          # server ciphers take precedence over client ciphers when using SSLv3 and TLSv1
        location /     {
            root     html;
            index    index.html index.htm index.php;
        }
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }
    }
}
[root@xuegod175 conf]# /usr/local/nginx/sbin/nginx -s reload
Enter PEM pass phrase:123456

Test access from a browser




Installing Tomcat

Configure the JDK

JDK download: http://www.oracle.com/technetwork/java/javase/downloads/index.html
Tomcat download: http://tomcat.apache.org/
[root@xuegod176~]# rpm -ivh jdk-8u60-linux-x64.rpm
[root@xuegod176~]# vim /etc/profile        # edit the environment variables
export JAVA_HOME=/usr/java/jdk1.8.0_60/    # JAVA_HOME path
export JAVA_BIN=/usr/java/jdk1.8.0_60/bin
export PATH=${JAVA_HOME}bin:$PATH          # PATH environment variable
export CLASSPATH=.:${JAVA_HOME}/lib/dt.jar:${JAVA_HOME}/lib/tools.jar   # the two class libraries
[root@Xuegod176~]# source /etc/profile     # load the environment variables so they take effect immediately
[root@Xuegod176~]# java -version
java version "1.8.0_60"
Java(TM) SE Runtime Environment (build 1.8.0_60-b27)
Java HotSpot(TM) 64-Bit Server VM (build 25.60-b23, mixed mode)

Install Tomcat

[root@Xuegod176~]# tar xvf apache-tomcat-8.0.26.tar.gz -C /usr/local/
[root@Xuegod176~]# cd /usr/local/apache-tomcat-8.0.26/
[root@xuegod176 local]# mv apache-tomcat-8.0.26/ tomcat/    # renamed to make it easier to start
[root@xuegod176 ~]# chmod -R 755 /etc/init.d/tomcat    # grant execute permission
[root@Xuegod176~]# vim /etc/init.d/tomcat
#!/bin/bash
# Tomcat init script for Linux
# chkconfig: 2345 96 14
# description: The Apache Tomcat Server/JSP container
# Export the settings so that catalina.sh, which runs as a child process, can see them.
export JAVA_OPTS='-server -Xms64m -Xmx128m'
export JAVA_HOME=/usr/java/jdk1.8.0_60
export CATALINA_HOME=/usr/local/tomcat
# Pass the init action (start, stop, ...) through to catalina.sh.
"$CATALINA_HOME/bin/catalina.sh" "$@"
[root@Xuegod176~]# chkconfig --add tomcat
[root@Xuegod176~]# chkconfig tomcat on
[root@Xuegod176~]# netstat -antup | grep 8080    # check whether Tomcat has started
tcp        0      0 :::8080        :::*        LISTEN      3154/java

Test Tomcat

Browse to http://192.168.32.48:8080/

Configuring the lab

To meet the goal of the lab, adjust nginx.conf as follows:
[root@xuegod175 ~]# cat /usr/local/nginx/conf/nginx.conf
user nginx nginx;
worker_processes  1;
events {
    worker_connections  1024;
}
http {
    include       mime.types;
    default_type  application/octet-stream;
    sendfile        on;
    keepalive_timeout  65;
    server {
        listen         443 ssl;
        server_name    xuegod175.cn;                                # domain name
        ssl_certificate      /usr/local/nginx/conf/server.crt;      # certificate path
        ssl_certificate_key   /usr/local/nginx/conf/server.key;     # private key path
        ssl_session_cache    shared:SSL:1m;     # type and size of the SSL session cache
        ssl_session_timeout  5m;                # session expiry time
        ssl_ciphers  HIGH:!aNULL:!MD5;          # list of ciphers the server allows for secure connections
        location / {
            root   html;
            index  index.html index.htm;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_pass http://192.168.42.176;
            proxy_redirect default;
        }
    }
}
[root@xuegod175 ~]# /usr/local/nginx/sbin/nginx -s reload
Enter PEM pass phrase:
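
A hardened variant of the proxy configuration above, added here as an example; it is not part of the original post. It keeps the page's certificate paths and backend address, and the port-80 redirect, `server_tokens off`, `ssl_protocols TLSv1.2`, the `X-Forwarded-Proto` header and the passphrase file path `/usr/local/nginx/conf/ssl_passphrase.txt` are assumptions.

```nginx
# Added example (not from the original post). Lines marked "assumed"
# are not on the page and should be adapted to the real environment.
user nginx nginx;
worker_processes  1;
events { worker_connections  1024; }
http {
    include       mime.types;
    default_type  application/octet-stream;
    server_tokens off;                       # assumed: do not advertise the nginx version

    # Assumed: plain-HTTP requests are sent to the TLS listener under a fixed name.
    server {
        listen      80;
        server_name xuegod175.cn;
        return 301  https://xuegod175.cn$request_uri;
    }

    server {
        listen              443 ssl;
        server_name         xuegod175.cn;
        ssl_certificate     /usr/local/nginx/conf/server.crt;
        # The page's key is 1024-bit RSA; 2048 bits is the accepted minimum today.
        ssl_certificate_key /usr/local/nginx/conf/server.key;
        # Assumed path: one passphrase per line, mode 0600, owned by root.
        # With it, "nginx -s reload" no longer stops at "Enter PEM pass phrase".
        ssl_password_file   /usr/local/nginx/conf/ssl_passphrase.txt;

        ssl_protocols             TLSv1.2;   # assumed: no SSLv3, TLSv1.0 or TLSv1.1
        ssl_ciphers               HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers on;
        ssl_session_cache         shared:SSL:1m;
        ssl_session_timeout       5m;

        location / {
            proxy_pass        http://192.168.42.176;     # backend address as on the page
            proxy_redirect    default;
            proxy_set_header  Host              $host;
            proxy_set_header  X-Real-IP         $remote_addr;
            proxy_set_header  X-Forwarded-For   $proxy_add_x_forwarded_for;
            # Assumed addition: tells Tomcat the client connected over HTTPS,
            # so redirects and generated URLs keep the https scheme.
            proxy_set_header  X-Forwarded-Proto $scheme;
        }
    }
}
```

Tomcat acts on `X-Forwarded-Proto` only if something consumes it, for example its `RemoteIpValve` configured with `protocolHeader="X-Forwarded-Proto"`. Validate the file with `nginx -t` before reloading.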

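Test access

Note: before testing, restart nginx and clear the browser cache (otherwise it is very easy to get tripped up...).

The page served by 192.168.42.176 loaded successfully, so the lab works.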