tomcat端口:8080 做好虚拟主机
nginx端口:80 根据域名分派
在conf/nginx.conf中的http中增加
include www.cainiaojc.com.conf
新建conf/www.cainiaojc.com.conf,内容如下:
server { listen 80; server_name www.cainiaojc.com;location / { proxy_pass http://127.0.0.1:8080; proxy_set_header Host $host:80; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Via "nginx"; } }
其中127.0.0.1是你的tomcat主机ip
要是代理https的话,内容如下:
server { listen 443; server_name mail.jb51.net;ssl on; ssl_certificate server.crt; ssl_certificate_key server.key;
location / { proxy_pass https://192.168.0.2:443; proxy_set_header Host $host:443; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Via "nginx";
} }
server { listen 80; server_name svn.jb51.net;location / { proxy_pass https://192.168.0.2:443; proxy_set_header Host $host:443; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Via "nginx"; proxy_set_header X-Forwarded-Proto https; #注意看这里 多了一行 } }
如果提示“SSL 接收到一个超出最大准许长度的记录。” 错误代码“ssl_error_rx_record_too_long”说明少了“ssl on;”这一行
后面的server.crt server.key是数字证书,具体可以参照openssl做证书
openssl做证书
mkdir ssl cd ssl openssl genrsa -des3 -out server.key 1024 # 会提示你输入key,尽可能长些复杂些,后面好几处要用,我都是复制粘贴的 openssl req -new -key server.key -out server.csr # 输入组织信息 CN BeiJing HaiDian huozhe.com cp server.key server.key.org openssl rsa -in server.key.org -out server.key openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
这里的server.crt server.key你就可以拿去用了