NGINX+TOMCAT的HTTPS安全证书SSL配置与WebSocket安全证书SSL配置

NGINX 配置

HTTPS配置

server {
    listen       80;
    server_name www.longyaniot.com;

    rewrite ^ https://$http_host$request_uri? permanent;
}

server {
    listen       443 ssl;
    server_name  www.longyaniot.com;
    ssl_certificate /etc/nginx/ssl/3558155_longyaniot.com.pem;
    ssl_certificate_key /etc/nginx/ssl/3558155_longyaniot.com.key;

    location / {
        proxy_pass       http://localhost:8800;
        proxy_set_header Host      $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

websocket配置

location /wss/{
    proxy_pass http://127.0.0.1:6899/;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_set_header X-real-ip $remote_addr;
    proxy_set_header X-Forwarded-For $remote_addr;
}

2、TOMCAT配置

在conf/server.xml中Engine元素内内加入

<Valve className="org.apache.catalina.valves.RemoteIpValve"  
   remoteIpHeader="X-Forwarded-For"  
   protocolHeader="X-Forwarded-Proto"  
   protocolHeaderHttpsValue="https"/> 

这样分别重启Nginx和Tomcat就可以了。