Step one: Apply for a certificate through the Alibaba Cloud "Cloud Shield" Certificate Service
Step two: Download the certificate
Step three: Modify the Nginx configuration
1. The certificate file 214033834890360.pem contains two sections; do not remove either of them.
2. If the CSR was created by the certificate system, the download also includes the certificate's private key file, 214033834890360.key.
(1) Create a cert directory under the Nginx installation directory and copy all of the downloaded files into it. If you created the CSR file yourself when applying for the certificate, put the corresponding private key file in the cert directory and name it 214033834890360.key;
(2) Open the nginx.conf file in the conf directory under the Nginx installation directory and find:
worker_processes 4;
error_log logs/error.log crit;   # log location and log level
pid logs/nginx.pid;
worker_rlimit_nofile 65535;

events {
    worker_connections 65535;
}

http {
    include mime.types;
    default_type application/octet-stream;
    sendfile on;
    keepalive_timeout 65;

    upstream backend {
        #ip_hash;
        server 172.17.0.3:8080 weight=1 max_fails=2 fail_timeout=2;
        server 172.17.0.4:8080 weight=1 max_fails=2 fail_timeout=2;
    }

    upstream mgr {
        #ip_hash;
        server 172.17.0.7:8080 weight=1 max_fails=2 fail_timeout=2;
    }

    server {
        listen 443;
        server_name localhost;
        ssl on;
        root html;
        index index.html index.htm;
        ssl_certificate cert/214031620150360.pem;
        ssl_certificate_key cert/214031620150360.key;
        ssl_session_timeout 5m;
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers on;

        location / {
            proxy_pass http://backend;
            ### force timeouts if one of backend is died ##
            proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;
            ### Set headers ####
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            ## Most PHP, Python, Rails, Java App can use this header ###
            proxy_set_header X-Forwarded-Proto https;
            ### By default we don't want to redirect it ####
            proxy_redirect off;
        }

        location /test/ {
            proxy_pass http://172.17.0.5:8080;
            ### force timeouts if one of backend is died ##
            proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;
            ### Set headers ####
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            ## Most PHP, Python, Rails, Java App can use this header ###
            proxy_set_header X-Forwarded-Proto https;
            ### By default we don't want to redirect it ####
            proxy_redirect off;
        }

        location /dev/ {
            proxy_pass http://172.17.0.6:8080;
            ### force timeouts if one of backend is died ##
            proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;
            ### Set headers ####
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            ## Most PHP, Python, Rails, Java App can use this header ###
            proxy_set_header X-Forwarded-Proto https;
            ### By default we don't want to redirect it ####
            proxy_redirect off;
        }

        location /pre/ {
            proxy_pass http://mgr;
            ### force timeouts if one of backend is died ##
            proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;
            ### Set headers ####
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            ## Most PHP, Python, Rails, Java App can use this header ###
            proxy_set_header X-Forwarded-Proto https;
            ### By default we don't want to redirect it ####
            proxy_redirect off;
        }
    }
}
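The server block in this configuration still enables TLSv1 and TLSv1.1, uses the deprecated "ssl on" directive, and has no listener that moves plain-HTTP clients to HTTPS. The following hardened variant is an added example, not part of the original post; server_name example.com is a placeholder, the protocol and cipher choices are assumptions about what your clients support, and only the "location /" proxy is shown.

```nginx
# Added example: hardened variant of the HTTPS server block (goes inside http { }).
# example.com is a placeholder; certificate paths and upstream name are the page's.

# Redirect plain HTTP to HTTPS so no request is served unencrypted.
server {
    listen 80;
    server_name example.com;                 # placeholder
    return 301 https://$host$request_uri;
}

server {
    # was: listen 443;  ssl on;
    # "ssl on" is deprecated since nginx 1.15.0; enable TLS on the listener instead.
    listen 443 ssl;
    server_name example.com;                 # placeholder
    root html;
    index index.html index.htm;

    ssl_certificate     cert/214031620150360.pem;
    ssl_certificate_key cert/214031620150360.key;
    ssl_session_timeout 5m;

    # was: ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    # TLSv1.3 needs nginx 1.13.0+ built against OpenSSL 1.1.1+; drop it on older builds.
    ssl_protocols TLSv1.2 TLSv1.3;

    # was: ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4
    # The broad ECDH/AES/HIGH aliases admit CBC and non-forward-secret suites;
    # list AEAD suites with ECDHE key exchange explicitly instead.
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384;
    ssl_prefer_server_ciphers on;

    location / {
        proxy_pass http://backend;
        proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
        proxy_redirect off;
    }
}
```

Run nginx -t against the edited file before reloading so a typo in the TLS directives does not take the listener down.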
Modify the Tomcat configuration
Add the following configuration item:
<Valve className="org.apache.catalina.valves.RemoteIpValve" remoteIpHeader="X-Forwarded-For" protocolHeader="X-Forwarded-Proto" protocolHeaderHttpsValue="https"/>
Step four: Start Nginx
/usr/local/nginx/nginx
Step five: Test the HTTPS domain
OK
Reproduced in: https://www.cnblogs.com/Javame/p/6515628.html