生成证书:https://www.cnblogs.com/caidingyu/p/11904277.html

tomcat9

https://blog.csdn.net/lzj_lives/article/details/123824964

server.xml

    <!-- HTTPS connector for Tomcat 9: NIO protocol handler on port 9091 with TLS enabled.
         NOTE(review): no address attribute is set, so the connector presumably listens on
         every interface; any client that can reach port 9091 directly bypasses the nginx
         front end. Confirm that a firewall or bind address limits it to the proxy. -->
    <Connector port="9091" protocol="org.apache.coyote.http11.Http11NioProtocol"
        maxThreads="150" SSLEnabled="true" scheme="https">
        <SSLHostConfig>
            <!-- PEM certificate and private key, type RSA. The paths are the same files the
                 nginx configuration on this page uses, so the Tomcat account needs read
                 access to the key; keep the key file unreadable by other accounts.
                 NOTE(review): SSLHostConfig sets neither protocols nor ciphers here, so the
                 Tomcat/JVM defaults apply. Verify that TLS 1.0 and 1.1 are not offered. -->
            <Certificate  certificateFile="/home/nginx/cert/server.crt" 
            certificateKeyFile="/home/nginx/cert/server.key"
                         type="RSA" />
        </SSLHostConfig>
    </Connector>

nginx1.18

强制跳转:将访问 9000 端口的 HTTP 请求重定向到 9009 端口的 HTTPS

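# Plain-HTTP listener on port 9000 whose only job is to send clients to the
# HTTPS listener on port 9009.
server {
    listen 9000;
    # Fixed typo: the address was written 192.1168.232.129.
    server_name 192.168.232.129;

    # $request_uri already contains the query string. A bare
    # "rewrite ^ https://...$request_uri;" appends the arguments a second time,
    # so use "return", which sends the URL exactly as written (301 = permanent).
    # $host comes from the request's Host header, and this is the only server on
    # port 9000, so it answers for any Host value. Put the fixed address in the
    # URL instead if clients must never be redirected to a name they supplied.
    return 301 https://$host:9009$request_uri;
}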

完整nginx.conf:

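worker_processes  1;
# Worker processes parse untrusted requests, so they should not run as root:
# a bug in request handling would then give full control of the host.
# Use an unprivileged service account that exists on this machine ("nginx" is
# the conventional name). It needs read access to the static files under
# /home/dist. The master process, started as root, binds the ports and loads
# the certificate and key, so the key file can stay readable by root only.
user nginx;

#error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;

#pid        logs/nginx.pid;


events {
    # Maximum simultaneous connections per worker process.
    worker_connections  1024;
}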


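http {
    include       mime.types;
    default_type  application/octet-stream;

    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
    #                  '$status $body_bytes_sent "$http_referer" '
    #                  '"$http_user_agent" "$http_x_forwarded_for"';

    #access_log  logs/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    #keepalive_timeout  0;
    keepalive_timeout  65;

    # NOTE(review): responses are compressed over TLS. If proxied pages mix
    # secrets (tokens, session data) with request-influenced content, review
    # this against compression side channels (BREACH).
    gzip  on;

    # Backend: the Tomcat HTTPS connector.
    upstream tomcat_web {
        server 192.168.232.129:9091;
    }

    # Plain-HTTP listener: redirect everything to the HTTPS listener on 9009.
    server {
        listen 9000;
        server_name  192.168.232.129;
        # $request_uri already carries the query string. "rewrite" without a
        # trailing "?" would append the arguments again, so "return" is used.
        # $host is taken from the request's Host header.
        return 301 https://$host:9009$request_uri;
    }

    server {
        # HTTPS listener. This setup uses port 9009 rather than 443; "ssl"
        # requires nginx to be built with the SSL module.
        listen 9009 ssl;
        # Server names; separate multiple names with spaces.
        server_name  192.168.232.129;

        # Certificate (PEM) and private key locations.
        ssl_certificate      /home/nginx/cert/server.crt;
        ssl_certificate_key  /home/nginx/cert/server.key;

        # TLS session lifetime.
        ssl_session_timeout  5m;
        # TLS 1.0 and 1.1 are deprecated; offer only 1.2 and 1.3.
        ssl_protocols TLSv1.2 TLSv1.3;
        # Forward-secret AEAD suites only. The earlier broad string
        # (ECDHE:ECDH:AES:HIGH...) also admitted CBC-mode and static-RSA
        # key-exchange suites.
        ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
        # Prefer the server's cipher order over the client's.
        ssl_prefer_server_ciphers on;

        # Backend service: https://<host>:9009/admin... is proxied to Tomcat
        # under /boot. This is a prefix match without a trailing slash, so any
        # path that merely starts with "/admin" is forwarded as well.
        location ^~ /admin {
            # NOTE(review): nginx does not verify the upstream certificate
            # unless proxy_ssl_verify is enabled together with
            # proxy_ssl_trusted_certificate, so this hop is encrypted but the
            # backend is not authenticated.
            proxy_pass       https://tomcat_web/boot;
            # Tomcat sees a fixed Host value, not the name the client used.
            proxy_set_header Host 127.0.0.1;
            proxy_set_header X-Real-IP $remote_addr;
            # Appends to whatever X-Forwarded-For the client sent. The backend
            # should trust only X-Real-IP or the last entry for access
            # decisions and logging.
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }

        # Single-page app with Router(mode: 'history'): when the requested path
        # is not a file on disk, serve index.html so a page refresh on a
        # client-side route does not return 404.
        location / {
            root   /home/dist;
            index  index.html index.htm;
            if (!-e $request_filename) {
                # "last" restarts location matching with the rewritten URI, so
                # nothing after it in this block would run.
                rewrite ^(.*)$ /index.html?s=$1 last;
            }
        }
    }
}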

 
