The schema I am using is
Operating system centos7
nginx does load balancing,
tomcat provides services
The certificate is downloaded from Tencent Cloud for free. It seems that a domain name is required.
first step, prepare
Prepare the certificate
,
Entering the nginx directory is the certificate.
install nginx,
I directly follow
https://www.linuxidc.com/Linux/2016-09/134907.htm
This address is installed (note that there are pits here).
To use https to install the ssl module, use the following statement when compiling
./configure --prefix=/usr/local/nginx --with-http_ssl_module
Others are the same as the above blog. (I didn't add the ssl module at that time, and it couldn't be successful in the end. It is more troublesome to do nginx upgrade)
Then upload my certificate to the /usr/local/nginx/conf directory,
Modify our configuration file nginx.conf
//Define a load balancer, where multiple nodes can be added, I only have one
upstream local_tomcat { server localhost:8080; } //Configure http to https server { listen 80; server_name www.iyousi.club; rewrite ^(.*) https://$host$1 permanent; } //Configuration of https server { listen 443; server_name www.domain.com; ssl on; ssl_certificate 1_www.iyousi.club_bundle.crt; ssl_certificate_key 2_www.iyousi.club.key; ssl_session_timeout 5m; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers ECDHE -RSA-AES128-GCM-SHA256: HIGH:! aNULL:! MD5:! RC4:! DHE; ssl_prefer_server_ciphers on; location / { proxy_pass http://local_tomcat; } }
Probably the configuration is like this. Maybe some pits have not been found,
Record it first, I'm afraid I'll forget it