由於需要,得搭建個nginx+tomcat+https的伺服器,搜了搜網上的發現總是有錯,現在整理了些有用的,備忘。 環境:Centos6.5、JDK1.8、Tomcat8、Nginx1.10.1準備材料:1.JDK1.8安裝包jdk-8u102-linux-x64.tar.gz 2.Tomcat8 ...
由於需要,得搭建個nginx+tomcat+https的伺服器,搜了搜網上的發現總是有錯,現在整理了些有用的,備忘。
環境:Centos6.5、JDK1.8、Tomcat8、Nginx1.10.1
準備材料:
1.JDK1.8安裝包jdk-8u102-linux-x64.tar.gz
2.Tomcat8安裝包apache-tomcat-8.0.37.tar.gz
3.Nginx1.10安裝包nginx-1.10.1.tar.gz
1、JDK安裝配置
解壓並安裝到/usr/local/jdk
[root@localhost ~]# tar zxvf jdk-8u102-linux-x64.tar.gz
[root@localhost ~]# mv jdk1.8.0_102 /usr/local/jdk
配置JDK環境變數
[root@localhost ~]# vi /etc/profile
在底部加入以下內容
JAVA_HOME=/usr/local/jdk JRE_HOME=$JAVA_HOME/jre CLASSPATH=.:$JAVA_HOME/lib:$JRE_HOME/lib:$CLASSPATH PATH=$JAVA_HOME/bin:$JRE_HOME/bin:$PATH export JAVA_HOME JRE_HOME PATH CLASSPATH
應用環境變數
[root@localhost ~]# source /etc/profile
檢測是否成功,顯示版本說明成功
[root@localhost ~]# java -version
2、Tomcat安裝配置
解壓並安裝到/usr/local/tomcat
[root@localhost ~]# tar zxvf apache-tomcat-8.0.37.tar.gz
[root@localhost ~]# mv apache-tomcat-8.0.37 /usr/local/tomcat
預設tomcat是root身份運行的,這樣不安全,這裡設置普通用戶運行
[root@localhost ~]# groupadd tomcat [root@localhost ~]# useradd -g tomcat tomcat [root@localhost ~]# passwd tomcat [root@localhost ~]# chown tomcat.tomcat -R /usr/local/tomcat
運行tomcat
[root@localhost ~]# su - tomcat /usr/local/tomcat/bin/startup.sh
設置開機啟動
[root@localhost ~]# echo "su - tomcat /usr/local/tomcat/bin/startup.sh" >> /etc/rc.local
3、Nginx安裝配置
配置Nginx用戶
[root@localhost ~]# groupadd nginx
[root@localhost ~]# useradd -g nginx -s /sbin/nologin nginx
安裝依賴包
[root@localhost ~]# yum -y install zlib zlib-devel openssl openssl-devel pcre pcre-devel gcc gcc-c++
解壓併進入文件夾內
[root@localhost ~]# tar zxvf nginx-1.10.1.tar.gz
[root@localhost ~]# cd nginx-1.10.1
配置安裝
[root@localhost nginx-1.10.1]# ./configure --prefix=/usr/local/nginx --with-http_ssl_module --with-http_gzip_static_module --with-http_stub_status_module
[root@localhost nginx-1.10.1]# make && make install
配置Nginx
[root@localhost ~]# vi /usr/local/nginx/conf/nginx.conf
這一步需要手動將ssl證書放入/usr/local/nginx/conf/目錄下,分別為cert.crt和cert.key文件
如果證書文件是其他格式,可以自行搜索轉換方法
如果無須配置https,更改443埠即可
nginx主配置文件
user nginx; worker_processes 1; error_log logs/error.log; pid logs/nginx.pid; events { use epoll; worker_connections 1024; } http { include mime.types; default_type application/octet-stream; log_format main '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; access_log logs/access.log main; proxy_redirect off; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; client_max_body_size 10m; client_body_buffer_size 128k; proxy_connect_timeout 90; proxy_send_timeout 90; proxy_read_timeout 90; proxy_buffer_size 4k; proxy_buffers 6 32k; proxy_busy_buffers_size 64k; proxy_temp_file_write_size 64k; sendfile on; keepalive_timeout 65; gzip on; gzip_min_length 1k; gzip_buffers 4 16k; gzip_http_version 1.0; gzip_comp_level 2; gzip_types text/plain application/x-javascripttext/css application/xml; gzip_vary on; server { listen 80; server_name www.domain.com; #修改功能變數名稱 return 301 https://$server_name$request_uri; #強制跳轉443埠 } server { listen 443 ssl; server_name www.domain.com; #修改功能變數名稱 ssl_certificate cert.crt; #導入證書 ssl_certificate_key cert.key; #導入證書 ssl_session_cache shared:SSL:1m; ssl_session_timeout 5m; ssl_ciphers HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on; location / { root /usr/local/tomcat/webapps/ROOT; index index.html index.jsp index.htm; } location ~ .*.jsp$ { index index.jsp; proxy_pass http://127.0.0.1:8080; } location /nginxstatus { stub_status on; access_log on; auth_basic "nginxstatus"; auth_basic_user_file /usr/local/nagois/etc/htpasswd.users; } error_page 404 /404.html; error_page 500 502 503 504 /50x.html; location = /50x.html { root html; } } }
啟動伺服器
/usr/local/nginx/sbin/nginx
瀏覽器訪問出現小貓即成功。
