openssl制作2048
openssl genrsa -des3 -out server.key 2048
openssl req -new-key server.key -out server.csr
openssl x509 -req -days 3650 -in server.csr -signkey server.key -out server.crt
[root@localhost conf.d]# /usr/local/nginx/sbin/nginx -V 查看是否含有 --with-http_ssl_module 模块
nginx version: nginx/1.6.2
built by gcc 4.4.7 20120313 (Red Hat 4.4.7-18) (GCC) TLS SNI support enabledconfigure arguments: --prefix=/usr/local/nginx --user=nginx --group=nginx --with-http_stub_status_module --with-http_ssl_module
配置nginx中的ssl证书
#user nobody;
worker_processes 1;#error_log logs/error.log;
#error_log logs/error.log notice;#error_log logs/error.log info;#pid logs/nginx.pid;
events { worker_connections 1024;} http { include mime.types; default_type application/octet-stream;#log_format main '$remote_addr - $remote_user [$time_local] "$request" '
# '$status $body_bytes_sent "$http_referer" ' # '"$http_user_agent" "$http_x_forwarded_for"';#access_log logs/access.log main;
sendfile on;
#tcp_nopush on;#keepalive_timeout 0;
keepalive_timeout 65;#gzip on;
include /usr/local/nginx/conf/conf.d/*.conf; #配置在 nginx配置文件的 http{}中 主要作用引入https.confmore https.conf
server {
listen 443; server_name 10.1.3.47; ssl on; ssl_certificate keys/server.crt; ssl_certificate_key keys/server.key; location / { root html; index index.php index.html index.htm; }}tomcat需要在配置文件中所做的配置为
<Valve className="org.apache.catalina.valves.RemoteIpValve"
remoteIpHeader="X-Forwarded-For" protocolHeader="X-Forwarded-Proto" protocolHeaderHttpsValue="https"/>