Environment: CentOS 7
Nginx version: nginx/1.18.0
1. Install nginx
For detailed steps, see the official site: http://nginx.org/en/linux_packages.html#RHEL-CentOS
The general steps are as follows:
- Install the yum utilities
yum install yum-utils
- Create the yum repo file /etc/yum.repos.d/nginx.repo with the following content
[nginx-stable]
name=nginx stable repo
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true

[nginx-mainline]
name=nginx mainline repo
baseurl=http://nginx.org/packages/mainline/centos/$releasever/$basearch/
gpgcheck=1
enabled=0
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true
- Rebuild the yum cache
yum clean all
yum makecache
- Run the installation
yum install nginx
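After installation, the following command shows the installed version and build information. nginx can be configured for SSL and serve HTTPS only if the --with-http_ssl_module module appears in the output.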
nginx -V
- Prepare the SSL certificate
For details, see: https://www.cnblogs.com/caidingyu/p/11904277.html
2. nginx configuration
- Stop the nginx service
# systemctl stop nginx.service
- Confirm the path of the configuration file
# rpm -qc nginx
The default configuration file path is /etc/nginx/nginx.conf
- Edit the nginx configuration file:
vim /etc/nginx/nginx.conf
Add content similar to the following inside http{}:
server {
    listen 443 ssl;
    server_name 域名;  # replace 域名 with your domain name, e.g. www.baidu.com
    ssl on;  # deprecated since nginx 1.15.0; "listen 443 ssl" above already enables TLS
    # certificate location (relative paths resolve against the nginx configuration directory)
    ssl_certificate ssl/域名.crt;
    ssl_certificate_key ssl/域名.key;
    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout 5m;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    # TLSv1 and TLSv1.1 are deprecated (RFC 8996); keep them only if legacy clients require them
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;

    location / {
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-Proto https;
        proxy_redirect off;
        proxy_connect_timeout 360;
        proxy_send_timeout 240;
        proxy_read_timeout 240;
        # note: there is no SSL here; plain HTTP is used
        proxy_pass http://127.0.0.1:8080;
    }

    location /webSocket/ {
        # WebSocket configuration under HTTPS
        proxy_pass http://127.0.0.1:8080;
        proxy_http_version 1.1;
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
    }
}
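The TLS directives in the server block above can be checked mechanically before nginx is started. The following Python check is an added example, not part of the original post or of nginx: it scans a configuration string for the deprecated `ssl on`, legacy protocol versions, weak cipher keywords and missing certificate directives. The function names, word lists and finding texts are assumptions, and the sample is constructed to mirror the server block with placeholder certificate paths.

```python
import re

# Constructed sample: mirrors the TLS directives of the server block (placeholder cert paths).
SAMPLE_CONF = """
server {
    listen 443 ssl;
    ssl on;  # certificate location
    ssl_certificate ssl/example.crt;
    ssl_certificate_key ssl/example.key;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
}
"""
LEGACY_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}  # assumed policy: TLSv1.2+ only
WEAK_CIPHER_WORDS = {"NULL", "aNULL", "eNULL", "MD5", "RC4", "DES", "3DES", "EXPORT", "ADH"}


def directives(conf):
    """Yield (name, args) per directive; naive split, assumes no '#', ';' or braces in quotes."""
    text = re.sub(r"#[^\n]*", "", conf)  # strip comments
    for stmt in re.split(r"[;{}]", text):
        words = stmt.split()
        if words:
            yield words[0], words[1:]


def audit(conf):
    """Return findings for weak or deprecated TLS settings in an nginx config string."""
    findings, seen, tls_listener = [], set(), False
    for name, args in directives(conf):
        seen.add(name)
        if name == "listen" and "ssl" in args:
            tls_listener = True
        elif name == "ssl" and args == ["on"]:
            findings.append("'ssl on' is deprecated; 'listen ... ssl' already enables TLS")
        elif name == "ssl_protocols":
            for proto in sorted(LEGACY_PROTOCOLS.intersection(args)):
                findings.append(f"legacy protocol enabled: {proto}")
        elif name == "ssl_ciphers" and args:
            for item in args[0].strip("'\"").split(":"):
                if item in WEAK_CIPHER_WORDS:  # '!RC4' (an exclusion) does not match
                    findings.append(f"weak cipher keyword enabled: {item}")
    if tls_listener:
        for required in ("ssl_certificate", "ssl_certificate_key"):
            if required not in seen:
                findings.append(f"missing directive: {required}")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF):
        print("WARN", finding)
```

To check a real file, pass its contents to `audit()`; directives pulled in through `include` are not followed.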
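3. Install Tomcat
For details, see this other blog post: https://www.cnblogs.com/diantong/p/11106697.html
4. Tomcat configuration
- Stop the Tomcat service
The /bin folder of the installation directory contains a shutdown.sh script; run it to stop Tomcat. Afterwards, confirm that it has stopped with the following command: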
ps -ef | grep tomcat
- Find the corresponding server.xml configuration file and edit it; pay special attention to the content marked in red
<!-- HTTP connector behind nginx; proxyPort and redirectPort point at the public HTTPS port -->
<Connector port="8080" protocol="org.apache.coyote.http11.Http11NioProtocol"
           connectionTimeout="5000"
           redirectPort="443"
           proxyPort="443"
           acceptCount="600"
           maxThreads="500"
           maxSpareThreads="100"
           minSpareThreads="20"
           maxIdleTime="5000"
           keepAliveTimeout="500"
           maxKeepAliveRequests="100" URIEncoding="utf-8" maxPostSize="52428800"
/>
<Host name="localhost" appBase="webapps"
      unpackWARs="true" autoDeploy="true">

  <!-- SingleSignOn valve, share authentication between web applications
       Documentation at: /docs/config/valve.html -->
  <!--
  <Valve className="org.apache.catalina.authenticator.SingleSignOn" />
  -->

  <!-- Access log processes all example.
       Documentation at: /docs/config/valve.html
       Note: The pattern used is equivalent to using pattern="common" -->
  <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
         prefix="localhost_access_log." suffix=".txt"
         pattern="%h %l %u %t &quot;%r&quot; %s %b" />

  <!-- Restore the client IP and scheme from the X-Forwarded-* headers that nginx sets -->
  <Valve className="org.apache.catalina.valves.RemoteIpValve"
         remoteIpHeader="x-forwarded-for"
         remoteIpProxiesHeader="x-forwarded-by"
         protocolHeader="x-forwarded-proto" />
</Host>
5. Start the nginx and Tomcat services
- Start the nginx service
# systemctl start nginx.service
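- Start Tomcat
In the /bin folder of the installation directory, run the startup.sh script
6. Troubleshooting common problems
- If a network port cannot be reached, try stopping the firewall to see whether that resolves it
# systemctl stop firewalld.service
If this resolves the problem, start firewalld again and allow the HTTPS port rather than leaving the firewall stopped.
- Relax the SELinux restriction on network connections (if this is not run, a 502 Bad Gateway error may occur)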
setsebool -P httpd_can_network_connect 1
- Test whether the port is working
telnet 127.0.0.1 8080
With the above done, the site is accessible.
