Configuring HTTPS certificates for Tomcat/Nginx
Preface
Aliyun website: https://account.aliyun.com/login/login.htm
Go to the Aliyun console and download the domain certificate. The certificates are split into two.
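Tomcat: configuring the HTTPS certificate (Aliyun)
Of these, _tomcat.zip is the one we need; it contains the .pfx file and the password.
The pfx certificate file is stored at D:/Tomcat8.0/cert/www.*****.com.cn.pfx
The jks certificate file is stored at D:/Tomcat8.0/cert/www.*****.com.cn.jks
Both methods edit the same configuration file: D:/Tomcat8.0/conf/server.xml
I removed the file-name prefix when using the files, to make them easier to swap out; for example, 10169624_www.****.com.cn with 10169624_ removed.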
Method 1: pfx
Reference: https://blog.csdn.net/weixin_43246026/article/details/125804546
Configuring the certificate
Copy the extracted pfx file into this directory, then edit conf/server.xml:

    <Connector port="443" protocol="org.apache.coyote.http11.Http11Protocol" SSLEnabled="true"
               maxThreads="150" scheme="https" secure="true"
               keystoreFile="cert/www.*****.com.cn.pfx" keystorePass="12345678"
               clientAuth="false" sslProtocol="TLS" />

keystoreFile is the path to our pfx file, and keystorePass is the password.
Restart and it takes effect.
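Method 2: jks
Reference: https://www.ab62.cn/article/22429.html
Generating the jks from the pfx
We generate it with the JDK: go to the bin directory of the local JDK installation, copy the extracted pfx file there, and open a cmd window in that directory. Then run the command below, remembering to change the pfx name to your own.
Note: you are asked for the password three times. Copy the password from pfx-password.txt in the extracted files and paste it in, then press Enter straight away. The password is not displayed, so it looks blank. Paste and press Enter three times and the jks is generated.
Command

    keytool -importkeystore -srckeystore 10169624_www.****.com.cn.pfx -srcstoretype pkcs12 -destkeystore 10169624_www.****.com.cn.jks -deststoretype JKS

Generated file
Copy the generated jks file into the Tomcat directory, e.g. D:/Tomcat8.0/cert/www.*****.com.cn.jks
Configuring the certificate
After generating the jks, edit Tomcat's conf/server.xml. The configuration here is a multi-domain one: the domain configured on the Connector tag line is the default domain, and the SSLHostConfig tags inside it are used to configure multiple domains. We work on the first one, the one starting with www.: fill in the jks file path and fill in the keystorePass password.
Restart and it takes effect.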
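Nginx: configuring the HTTPS certificate (Aliyun)
Of these, _nginx.zip is the one we need; it contains the .key and .pem files.
I removed the file-name prefix when using the files, to make them easier to swap out; for example, 10169624_www.****.com.cn with 10169624_ removed.
Implementation
The certificate files are stored at
F:\nginx\conf\cert\www.*****.com.cn.key
F:\nginx\conf\cert\www.*****.com.cn.pem
Edit the configuration file F:\nginx\conf\nginx.conf
Restart and it takes effect.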
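Other
Copy it, scroll down and read patiently. Not much of it is actually in use; the commented-out parts simply got scooped up along with the rest.
Tomcat configuration example
Here zy_cert\zy***.com.jks is the certificate of another domain. It is not relevant here and is only an example; take note of that.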

    <?xml version="1.0" encoding="UTF-8"?>
    <!--
      Licensed to the Apache Software Foundation (ASF) under one or more
      contributor license agreements.  See the NOTICE file distributed with
      this work for additional information regarding copyright ownership.
      The ASF licenses this file to You under the Apache License, Version 2.0
      (the "License"); you may not use this file except in compliance with
      the License.  You may obtain a copy of the License at

          http://www.apache.org/licenses/LICENSE-2.0

      Unless required by applicable law or agreed to in writing, software
      distributed under the License is distributed on an "AS IS" BASIS,
      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
      See the License for the specific language governing permissions and
      limitations under the License.
    -->
    <!-- Note:  A "Server" is not itself a "Container", so you may not
         define subcomponents such as "Valves" at this level.
         Documentation at /docs/config/server.html
     -->
    <Server port="8018" shutdown="SHUTDOWN">
      <Listener className="org.apache.catalina.startup.VersionLoggerListener" />
      <!-- Security listener. Documentation at /docs/config/listeners.html
      <Listener className="org.apache.catalina.security.SecurityListener" />
      -->
      <!--APR library loader. Documentation at /docs/apr.html -->
      <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
      <!-- Prevent memory leaks due to use of particular java/javax APIs-->
      <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
      <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
      <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />

      <!-- Global JNDI resources
           Documentation at /docs/jndi-resources-howto.html
      -->
      <GlobalNamingResources>
        <!-- Editable user database that can also be used by
             UserDatabaseRealm to authenticate users
        -->
        <Resource name="UserDatabase" auth="Container"
                  type="org.apache.catalina.UserDatabase"
                  description="User database that can be updated and saved"
                  factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
                  pathname="conf/tomcat-users.xml" />
      </GlobalNamingResources>

      <!-- A "Service" is a collection of one or more "Connectors" that share
           a single "Container" Note:  A "Service" is not itself a "Container",
           so you may not define subcomponents such as "Valves" at this level.
           Documentation at /docs/config/service.html
       -->
      <Service name="Catalina">

        <!--The connectors can use a shared executor, you can define one or more named thread pools-->
        <!--
        <Executor name="tomcatThreadPool" namePrefix="catalina-exec-"
            maxThreads="150" minSpareThreads="4"/>
        -->
        <Executor name="tomcatThreadPool" namePrefix="HTTP-8081-exec-" prestartminSpareThreads="true"
                  maxThreads="5000" maxQueueSize="100" minSpareThreads="50" maxIdleTime="10000" />

        <!-- A "Connector" represents an endpoint by which requests are received
             and responses are returned. Documentation at :
             Java HTTP Connector: /docs/config/http.html
             Java AJP  Connector: /docs/config/ajp.html
             APR (HTTP/AJP) Connector: /docs/apr.html
             Define a non-SSL/TLS HTTP/1.1 Connector on port 8080
        -->
        <Connector port="8081" protocol="HTTP/1.1"
                   connectionTimeout="8000"
                   URIEncoding="UTF-8" maxHttpHeaderSize="8192"
                   relaxedQueryChars="{,},[,],\,^" executor="tomcatThreadPool" redirectPort="443" />
        <!-- A "Connector" using the shared thread pool-->
        <!--
        <Connector executor="tomcatThreadPool"
                   port="8080" protocol="HTTP/1.1"
                   connectionTimeout="8000"
                   redirectPort="8443" />
        -->
        <!-- Define a SSL/TLS HTTP/1.1 Connector on port 8443
             This connector uses the NIO implementation. The default
             SSLImplementation will depend on the presence of the APR/native
             library and the useOpenSSL attribute of the
             AprLifecycleListener.
             Either JSSE or OpenSSL style configuration may be used regardless of
             the SSLImplementation selected. JSSE style configuration is used below.
        -->
        <!--
        <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
                   maxThreads="150" SSLEnabled="true">
            <SSLHostConfig>
                <Certificate certificateKeystoreFile="conf/localhost-rsa.jks"
                             type="RSA" />
            </SSLHostConfig>
        </Connector>
        -->
        <!-- Define a SSL/TLS HTTP/1.1 Connector on port 8443 with HTTP/2
             This connector uses the APR/native implementation which always uses
             OpenSSL for TLS.
             Either JSSE or OpenSSL style configuration may be used. OpenSSL style
             configuration is used below.
        -->
        <!--
        <Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol"
                   maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
                   clientAuth="false" sslProtocol="TLS"
                   URIEncoding="UTF-8" maxHttpHeaderSize="8192" maxSwallowSize="-1" maxPostSize="20971520"
                   relaxedQueryChars="{,},[,],\,^"
                   keystoreFile="bin\5984483_www.****.com.cn.pfx" keystorePass="123456" />
        -->
        <!--
        <Connector port="8443" protocol="org.apache.coyote.http11.Http11AprProtocol"
                   maxThreads="150" SSLEnabled="true" >
            <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
            <SSLHostConfig>
                <Certificate certificateKeyFile="conf/localhost-rsa-key.pem"
                             certificateFile="conf/localhost-rsa-cert.pem"
                             certificateChainFile="conf/localhost-rsa-chain.pem"
                             type="RSA" />
            </SSLHostConfig>
        </Connector>
        -->

        <!-- Important: defaultSSLHostConfigName must be set to a default access domain -->
        <Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol" SSLEnabled="true"
                   maxThreads="150" scheme="https" secure="true" clientAuth="false"
                   keystoreFile="cert\www.****.com.cn.jks" keystorePass="123456"
                   defaultSSLHostConfigName="www.****.com.cn"
                   sslProtocol="TLS" URIEncoding="UTF-8">
            <SSLHostConfig hostName="www.****.com.cn">
                <Certificate certificateKeystoreFile="cert\www.****.com.cn.jks"
                             certificateKeystorePassword="123456" type="RSA"/>
            </SSLHostConfig>
            <SSLHostConfig hostName="saas.zy***.com">
                <Certificate certificateKeystoreFile="zy_cert\zy***.com.jks"
                             certificateKeystorePassword="123456" type="RSA"/>
            </SSLHostConfig>
        </Connector>

        <!-- Define an AJP 1.3 Connector on port 8009
        <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
        -->

        <!-- An Engine represents the entry point (within Catalina) that processes
             every request.  The Engine implementation for Tomcat stand alone
             analyzes the HTTP headers included with the request, and passes them
             on to the appropriate Host (virtual host).
             Documentation at /docs/config/engine.html -->

        <!-- You should set jvmRoute to support load-balancing via AJP ie :
        <Engine name="Catalina" defaultHost="localhost" jvmRoute="jvm1">
        -->
        <Engine name="Catalina" defaultHost="www.****.com.cn">
          <Valve className="org.apache.catalina.valves.RemoteIpValve"
                 remoteIpHeader="X-Forwarded-For" protocolHeader="X-Forwarded-Proto"
                 protocolHeaderHttpsValue="https"/>

          <!--For clustering, please take a look at documentation at:
              /docs/cluster-howto.html  (simple how to)
              /docs/config/cluster.html (reference documentation) -->
          <!--
          <Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster"/>
          -->

          <!-- Use the LockOutRealm to prevent attempts to guess user passwords
               via a brute-force attack -->
          <Realm className="org.apache.catalina.realm.LockOutRealm">
            <!-- This Realm uses the UserDatabase configured in the global JNDI
                 resources under the key "UserDatabase".  Any edits
                 that are performed against this UserDatabase are immediately
                 available for use by the Realm.  -->
            <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
                   resourceName="UserDatabase"/>
          </Realm>

          <Host name="www.****.com.cn" appBase="webapps"
                unpackWARs="true" autoDeploy="true">
            <Alias>www.****.com.cn</Alias>
            <Alias>saas.zy***.com</Alias>

            <!-- SingleSignOn valve, share authentication between web applications
                 Documentation at: /docs/config/valve.html -->
            <!--
            <Valve className="org.apache.catalina.authenticator.SingleSignOn" />
            -->

            <!-- Access log processes all example.
                 Documentation at: /docs/config/valve.html
                 Note: The pattern used is equivalent to using pattern="common" -->
            <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
                   prefix="localhost_access_log" suffix=".txt"
                   pattern="%h %l %u %t &quot;%r&quot; %s %b" />
          </Host>
        </Engine>
      </Service>
    </Server>

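The warning about defaultSSLHostConfigName in the configuration above can be checked before a restart: if the name matches no SSLHostConfig hostName, the connector fails to start. The script below is an added example, not part of the original post or of Tomcat. It parses a server.xml and reports that mismatch, duplicate host names, and short keystore passwords; the sample XML, its host names and the 12-character threshold are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample modelled on the page's multi-domain Connector; host names,
# paths and passwords are placeholders, not the page's real values.
SAMPLE = """<Server><Service name="Catalina">
  <Connector port="8443" SSLEnabled="true"
             defaultSSLHostConfigName="www.example.com.cn">
    <SSLHostConfig hostName="www.example.com.cn">
      <Certificate certificateKeystoreFile="cert/www.example.com.cn.jks"
                   certificateKeystorePassword="123456" type="RSA"/>
    </SSLHostConfig>
    <SSLHostConfig hostName="saas.example.com">
      <Certificate certificateKeystoreFile="zy_cert/example.com.jks"
                   certificateKeystorePassword="123456" type="RSA"/>
    </SSLHostConfig>
  </Connector>
  <Connector port="9443" SSLEnabled="true">
    <SSLHostConfig hostName="www.example.com.cn"/>
  </Connector>
</Service></Server>"""

def check_connectors(server_xml, min_pass_len=12):
    """Return (port, message) findings for every TLS-enabled Connector."""
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue
        port = conn.get("port")
        # Tomcat uses the literal name _default_ when either attribute is absent.
        default = conn.get("defaultSSLHostConfigName", "_default_").lower()
        hosts = [h.get("hostName", "_default_").lower()
                 for h in conn.findall("SSLHostConfig")]
        if hosts and default not in hosts:
            findings.append((port, f"defaultSSLHostConfigName '{default}' matches no SSLHostConfig"))
        for dup in sorted({h for h in hosts if hosts.count(h) > 1}):
            findings.append((port, f"duplicate SSLHostConfig '{dup}'"))
        for cert in conn.iter("Certificate"):
            pw = cert.get("certificateKeystorePassword")
            # min_pass_len is a hypothetical policy value; the password is never printed.
            if pw is not None and len(pw) < min_pass_len:
                findings.append((port, f"short keystore password for {cert.get('certificateKeystoreFile')}"))
    return findings

if __name__ == "__main__":
    for port, msg in check_connectors(SAMPLE):
        print(f"port {port}: {msg}")
```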
nginx configuration example
Here nginx/cloudRoot is the directory holding the project's static files.

    #user  nobody;
    worker_processes  8;  # set to match the number of CPU cores

    # error log location
    #error_log  logs/error.log;
    #error_log  logs/error.log  notice;
    #error_log  logs/error.log  info;

    #pid        logs/nginx.pid;

    events {
        worker_connections  65535;  # maximum concurrent connections per worker process
    }

    stream {
        upstream bitbucket-ssh {
            server localhost:27017;  # MongoDB service
        }
    }

    http {
        include       mime.types;                # mapping of file extensions to types
        default_type  application/octet-stream;  # default file type

        #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
        #                  '$status $body_bytes_sent "$http_referer" '
        #                  '"$http_user_agent" "$http_x_forwarded_for"';

        #access_log  logs/access.log  main;

        add_header Access-Control-Allow-Origin *;
        add_header Access-Control-Allow-Headers X-Requested-With;
        add_header Access-Control-Allow-Methods GET,POST,OPTIONS;
        client_max_body_size 1024m;

        sendfile        on;
        #tcp_nopush     on;
        tcp_nopush      on;     # prevent network congestion
        tcp_nodelay     on;     # prevent network congestion
        keepalive_timeout  60;  # connection timeout, in seconds
        #keepalive_timeout  5;

        # enable gzip compression
        gzip  on;

        # upstream defines a pool of load-balanced servers; defines a pool named backend_server
        # project - http
        upstream linuxidc {  # server cluster name
            ip_hash;
            server localhost:8081 weight=2 max_fails=3 fail_timeout=60s;  # server entry; the larger the weight, the higher the chance of being chosen
            server localhost:8082 weight=2 max_fails=3 fail_timeout=60s;  # server entry; the larger the weight, the higher the chance of being chosen
        }
        # project - https
        upstream linuxidc_443 {  # server cluster name
            ip_hash;
            server localhost:8443 weight=2 max_fails=3 fail_timeout=60s;  # server entry; the larger the weight, the higher the chance of being chosen
            server localhost:8444 weight=2 max_fails=3 fail_timeout=60s;  # server entry; the larger the weight, the higher the chance of being chosen
        }

        #----
        map $http_upgrade $connection_upgrade {
            default upgrade;
            ''      close;
        }
        #-----

        server {
            listen       80;
            server_name  172.18.93.221;
            #charset koi8-r;
            #access_log  logs/host.access.log  main;

            location / {
                proxy_pass http://linuxidc;
                proxy_redirect default;
                proxy_connect_timeout 5s;  # default is 60s; timeout for nginx connecting to the backend server
                proxy_set_header Host $host:80;
                proxy_set_header X-Forward-For $remote_addr;
                proxy_http_version 1.1;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection upgrade;
                proxy_read_timeout 3600s;
                # pass on the client's real IP
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header REMOTE-HOST $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            }

            # static files
            location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|css|js|apk|zip|exe|doc|pdf|xlsx|jade|xls|txt|mp4|json|so|mp3)$ {
                root /nginx/cloudRoot/;
                add_header Cache-Control no-store;
                expires 24h;
                add_header Access-Control-Allow-Origin http://www.joy.com;  # domain allowed cross-origin access
                add_header Access-Control-Allow-Methods GET,POST,PUT,DELETE,OPTIONS;  # allowed request methods
            }

            error_page 400 401 402 403 404 405 408 410 412 413 414 415 500 501 502 503 504 506 /404.html;
            location = /50x.html {
                root html;
            }
            location = /404.html {
                root html;
            }
            location = /403.html {
                root html;
            }
        }

        server {
            listen 443 ssl;
            # Configures 443 as the default HTTPS port.
            # If the default HTTPS port is not configured here, Nginx may fail to start.
            # With Nginx 1.15.0 and later, use listen 443 ssl instead of listen 443 plus ssl on.
            server_name www.****.com.cn;  # domain the certificate is bound to
            root html;
            ssl_certificate cert/www.****.com.cn.pem;      # replace cert-file-name.pem with the name of the uploaded certificate file
            ssl_certificate_key cert/www.****.com.cn.key;  # replace cert-file-name.key with the name of the uploaded private key file
            ssl_session_timeout 5m;
            ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
            # the cipher suites in use
            ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;  # the TLS protocol versions in use
            ssl_prefer_server_ciphers on;

            location / {
                proxy_pass https://linuxidc_443;
                proxy_redirect default;
                proxy_connect_timeout 5s;  # default is 60s; timeout for nginx connecting to the backend server
                proxy_set_header Host $host:443;
                proxy_set_header X-Forward-For $remote_addr;
                proxy_http_version 1.1;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection upgrade;
                proxy_read_timeout 3600s;
                # pass on the client's real IP
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header REMOTE-HOST $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            }

            # static files
            location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|css|js|apk|zip|exe|doc|pdf|xlsx|jade|xls|txt|mp4|json|so|mp3)$ {
                root /nginx/cloudRoot/;
                add_header Cache-Control no-store;
                #expires 24h;
                #add_header Access-Control-Allow-Origin http://www.joy.com;  # domain allowed cross-origin access
                #add_header Access-Control-Allow-Methods GET,POST,PUT,DELETE,OPTIONS;  # allowed request methods
            }

            error_page 400 401 402 403 404 405 408 410 412 413 414 415 500 501 502 503 504 506 /404.html;
            location = /50x.html {
                root html;
            }
            location = /404.html {
                root html;
            }
            location = /403.html {
                root html;
            }
        }
    }

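The HTTPS server block above enables TLSv1.1 alongside TLSv1.2 and TLSv1.3, and TLS 1.0 and 1.1 are deprecated by RFC 8996. The script below is an added example, not from the original post: it lists the deprecated protocol versions that each TLS-enabled server block of an nginx.conf turns on. The sample configuration and its host names are constructed.

```python
import re

# SSL versions and the TLS versions deprecated by RFC 8996 (TLS 1.0 and 1.1).
DEPRECATED = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}

# Constructed sample mirroring the TLS directives of the page's HTTPS server block.
SAMPLE = """
http {
    server {
        listen 80;
        server_name 192.0.2.10;
    }
    server {
        listen 443 ssl;   # HTTPS listener
        server_name www.example.com.cn;
        ssl_certificate     cert/www.example.com.cn.pem;
        ssl_certificate_key cert/www.example.com.cn.key;
        #ssl_protocols TLSv1;
        ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
    }
}
"""

def server_blocks(conf):
    """Yield the body of each `server { ... }` block with comments removed."""
    text = re.sub(r"#[^\n]*", "", conf)  # assumes no '#' inside quoted values
    for m in re.finditer(r"\bserver\s*\{", text):
        depth, i = 1, m.end()
        while i < len(text) and depth:
            depth += {"{": 1, "}": -1}.get(text[i], 0)
            i += 1
        yield text[m.end():i - 1]

def audit_tls(conf):
    """Return {server_name: sorted deprecated protocols} for TLS listeners."""
    report = {}
    for body in server_blocks(conf):
        if not re.search(r"\blisten\s[^;]*\bssl\b", body):
            continue  # plain HTTP listener, nothing to audit
        name = re.search(r"\bserver_name\s+([^;]+);", body)
        protos = re.search(r"\bssl_protocols\s+([^;]+);", body)
        enabled = set(protos.group(1).split()) if protos else set()
        key = name.group(1).strip() if name else "(unnamed)"
        report[key] = sorted(enabled & DEPRECATED)
    return report

if __name__ == "__main__":
    print(audit_tls(SAMPLE))
```

For the page's server block the finding is TLSv1.1; removing it leaves `ssl_protocols TLSv1.2 TLSv1.3;`.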