Environmental Science :CentOS 7

Nginx edition : nginx/1.18.0

1. install nginx

For detailed steps, please refer to the following official website :http://nginx.org/en/linux_packages.html#RHEL-CentOS

Here are some general steps :

  • install yum Tools
yum install yum-utils
  • establish yum file /etc/yum.repos.d/nginx.repo, Add the following
[nginx-stable]
name=nginx stable repo
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true [nginx-mainline]
name=nginx mainline repo
baseurl=http://nginx.org/packages/mainline/centos/$releasever/$basearch/
gpgcheck=1
enabled=0
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true
  • Reload yum cache
yum clean all
yum makecache
  • Execution and installation
yum install nginx

After installation , With the following command , You can see the installed version and other information , Notice that there is --with-http_ssl_module modular , To show that nginx You can configure the ssl, Support https agreement

 nginx -V
  • Get ready ssl certificate

Please refer to the address for details :https://www.cnblogs.com/caidingyu/p/11904277.html

2. nginx To configure

  • stop it nginx service
# systemctl stop nginx.service
  • Confirm the path of the configuration file
# rpm -qc nginx

The default configuration file path is :/etc/nginx/nginx.conf

  • edit nginx The configuration file :
 vim /etc/nginx/nginx.conf

stay http{} Add something similar to the following :

server {
listen 443 ssl;
server_name  domain name ; # for example www.baidu.com
ssl on;

# Certificate address
ssl_certificate  ssl/ domain name .crt;
ssl_certificate_key ssl/ domain name .key;

ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;

ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;

location / {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Proto https;
proxy_redirect off;
proxy_connect_timeout 360;
proxy_send_timeout 240;
proxy_read_timeout 240;
# note, there is not SSL here! plain HTTP is used
proxy_pass http://127.0.0.1:8080;
}
location /webSocket/ {
#webSocket stay https Configuration below
proxy_pass http://127.0.0.1:8080;
proxy_http_version 1.1;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
}
}

3.tomcat Installation

Please refer to another blog for details :https://www.cnblogs.com/diantong/p/11106697.html

4.tomcat Configuration of

  • stop tomcat service

In the installation directory /bin Under the folder , There is one shutdown.sh Script , Execute the script to stop , After the stop , The stop can be confirmed by the following command :

ps -ef | grep tomcat
  • To find the corresponding server.xml The configuration file , Editing : Pay special attention to the contents marked in red

<Connector port="8080" protocol="org.apache.coyote.http11.Http11NioProtocol"
connectionTimeout="5000"
redirectPort="443"
proxyPort="443"
acceptCount="600"
maxThreads="500"
maxSpareThreads="100"
minSpareThreads="20"
maxIdleTime="5000"
keepAliveTimeout = "500"
maxKeepAliveRequests="100" URIEncoding="utf-8" maxPostsize='52428800'
/>

<Host name="localhost" appBase="webapps"
unpackWARs="true" autoDeploy="true">

<!-- SingleSignOn valve, share authentication between web applications
Documentation at: /docs/config/valve.html -->
<!--
<Valve className="org.apache.catalina.authenticator.SingleSignOn" />
-->

<!-- Access log processes all example.
Documentation at: /docs/config/valve.html
Note: The pattern used is equivalent to using pattern="common" -->
<Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
prefix="localhost_access_log." suffix=".txt"
pattern="%h %l %u %t &quot;%r&quot; %s %b" />

<Valve className="org.apache.catalina.valves.RemoteIpValve"
remoteIpHeader="x-forwarded-for"
remoteIpProxiesHeader="x-forwarded-by"
protocolHeader="x-forwarded-proto" />
</Host>

5. start-up nginx and tomcat service

  • start-up nginx service
# systemctl start nginx.service
  • start-up tomcat

Can be installed in the directory of /bin Under the document , perform startup.sh Script

6. How to deal with common problems

  • The network port is not accessible , Trying to shut down the firewall can solve
# systemctl stop firewalld.service
  • close sulinux Access restrictions ( If not running , May arise 502 bad gateway Error of )
setsebool -P httpd_can_network_connect 1
  • Test the port for failure
 telnet 127.0.0.1 8080

above , You can visit .

Nginx and Tomcat To configure SSL Realization https Visit more related articles

  1. Windows Next Nginx To configure SSL Realization Https visit ( Include certificate generation )

    Vincent. Li   Windows Next Nginx To configure SSL Realization Https visit ( Include certificate generation ) Windows Next Nginx To configure SSL Realization Https visit ( Include certificate generation ) First of all, we need to explain why we want to achieve https ...

  2. Centos7.2 Next Nginx To configure SSL Support https visit ( The site is based on .Net Core2.0 Developed WebApi)

    preparation 1. be based on nginx Deployed sites ( This site is based on .Net Core2.0 Developed WebApi, If you are interested, you can dance http://www.cnblogs.com/GreedyL/p/7422796. ...

  3. Springboot To configure ssl Realization HTTPS request &amp; Tomcat To configure SSL Support https request

    SSL(Secure Sockets Layer Secure socket layer ), And its successor transport layer security (Transport Layer Security,TLS) It is a security protocol that provides security and data integrity for network communication .TLS And ...

  4. nginx Security : To configure ssl certificate (https certificate )

    One , To configure https The meaning of a certificate https Agreement is made SSL+http Protocol building security protocol , Support encrypted transmission and identity authentication , Safety ratio http Better , Because of the encrypted transmission of data , It can ensure the security and integrity of data for example : Don't use ht ...

  5. Nginx To configure SSL Realization HTTPS visit

    nginx The configuration file is as follows : server { listen 443 ssl; server_name www.domain.com; root /www/web; index index.html in ...

  6. Ubuntu Nginx Next configuration website ssl Realization https visit

    Recently in to see  HTTP Authoritative guide   See the introduction HTTPS Of ssl, Do it yourself , Record the steps HTTPS brief introduction What is? HTTPS? This is how encyclopedia explains .HTTPS( Full name :Hyper Text Trans ...

  7. Nginx、Tomcat To configure https

    One .Nginx.Tomcat To configure https The premise is that we have got CA Certificate issued by the organization One . Certificate of merger 1. Suppose the certificate file is as follows Secret key file server.key, certificate CACertificate-INTERMEDIA ...

  8. TOMCAT To configure SSL Certification for HTTPS Agreement Services

     1 . Summary of problems Many systems with high security requirements , Will use the secure socket layer (SSL) Exchange of information , Sun In order to solve the problem Internet The solution of secure information transmission based on . It has achieved SSL and TSL( Transport layer security ) agreement ...

  9. Huawei cloud server is Tomcat To configure SSL

    Recently, due to the development of small programs need to be configured on the cloud server https access protocol , I also had a little problem , Record the configuration process :SSL After the certificate application comes down, there will be .jks .crt .pfx .pem A file with a suffix ( How to apply SSL This is ...

  10. Single sign on SSO, automatic logon , java encryption ,ssl principle , Tomcat To configure SSL

    Han Meng Feisha   Han Yafei  313134555@qq.com  yue31313  han_meng_fei_sha The English abbreviation of single sign on is SSO(single sign on), The single sign on feature allows users to just log in ...

Random recommendation

  1. ECMAScript 6 course ( 3、 ... and ) Class and Module( Classes and modules )

    The copyright of this article belongs to the author and blog Park , Welcome to reprint , However, this statement must be retained without the consent of the author , And in the obvious position of the article page Original link , The blog address is  http://www.cnblogs.com/jasonnode/ . The series is ...

  2. The finger of the sword offer- The second chapter is the ranking of age

    subject : The age of people in a company (0-99) Sort , The total number of people in the company is tens of thousands . The required time complexity is O(n), Can help O(n) Space . Ideas : The implementation function is void SortAge(int ages[],int le ...

  3. Qt Multi document interface application design

    Use Qt Write a multi document interface (MDI) The application is quite convenient , It's mainly used to QMdiArea and QMdiSubWindow Two classes . You can see Qt Asistant Description of these two classes in , It's very detailed . in addition , You can search for routines ...

  4. HTML Learning notes ( 5、 ... and ) Image loading

    Html Image processing is generally used <img> label grammar :                for example <img src=" Address " />             Address :      ...

  5. sharepoint User defined fields realize the linkage between provinces and cities

    The final effect is as follows : The settings column is as follows : The solution structure is as follows : fldtypes_RoyCustomField.xml The contents are as follows : <?xml version="1.0" encoding ...

  6. PO Box brief introduction

    Use Erlang When writing a program , There's always a situation : because Erlang Process mailbox There is no size limit , So it's going to take messages all the time , until Erlang Node memory overflow . in the majority of cases , We can do this by limiting the ...

  7. linux_Nginx journal

    Error message log configuration : The log file defaults to :/application/nginx/logs/erroe.log error_log logs/error.log error; # If you don't write the default, there will be , Default error, ...

  8. nc Using examples

    nc.exe -h You can see how to use each parameter . The basic format :nc [-options] hostname port[s] [ports] ...nc -l -p port [options] [hostna ...

  9. android Development View _12_ use Canvas Draw a picture ( Demo in blog Canvas Draw captcha pictures )

    package net.yt.yuncare.widgets; import android.graphics.Bitmap; import android.graphics.Canvas; impo ...

  10. python The mutex

    The mutex Data isolation between processes , But multiple processes can share the same piece of data , Like sharing the same file system , So access the same file , Or the same print terminal , There is no problem , And sharing brings competition , The result of competition is confusion , as follows from mu ...