nginx + Tomcat: how do I configure two-way (mutual) authentication on both the front end and the back end?

muicoder asked 7 years ago
### nginx.conf
```
# HTTP server
upstream tomcat_http {
    server 127.0.0.1:8080;
    #ip_hash;
}

#return 301 https://$server_name$request_uri;

# HTTPS server
upstream tomcat_https {
    server 127.0.0.1:8443;
    #ip_hash;
}

location / {
    proxy_pass $scheme://tomcat_$scheme;
    include proxy.conf;
}

ssl on;

ssl_certificate localhost.crt;          # certificate (public key)
ssl_certificate_key localhost.key;      # certificate private key

ssl_verify_client on;                   # verify the client certificate
ssl_client_certificate ca.cer;          # CA certificate that issued the client certificate
ssl_verify_depth 1;                     # client certificate chain verification depth; set according to ca.cer

proxy_ssl_certificate localhost.crt;        # certificate (public key) nginx uses when talking to the server
proxy_ssl_certificate_key localhost.key;    # private key nginx uses when talking to the server

proxy_ssl_verify on;                        # verify the server certificate
proxy_ssl_trusted_certificate ca.cer;       # CA certificate that issued the server certificate
proxy_ssl_verify_depth 1;                   # server certificate chain verification depth; set according to ca.cer

proxy_set_header Client-Cert $ssl_client_cert;  # pass the client certificate to the backend server in a header
```
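
Added example, not part of the original post: the directives from the question placed in a complete HTTPS `server` block, with the client-facing and Tomcat-facing halves separated. The `listen` port, `server_name`, the `proxy_ssl_name` value and the `Client-Verify` header name are assumptions; certificate file names are the ones used in the question.

```nginx
# Added example. Port, server_name, proxy_ssl_name and Client-Verify are assumptions.
upstream tomcat_https {
    server 127.0.0.1:8443;
}

server {
    listen 443 ssl;                 # current form of the deprecated "ssl on;"
    server_name localhost;

    # Front side: nginx presents localhost.crt and requires a client
    # certificate issued by ca.cer.
    ssl_certificate         localhost.crt;
    ssl_certificate_key     localhost.key;
    ssl_verify_client       on;
    ssl_client_certificate  ca.cer;
    ssl_verify_depth        1;

    location / {
        proxy_pass https://tomcat_https;

        # Back side: nginx offers its own certificate to Tomcat and
        # verifies the certificate Tomcat presents.
        proxy_ssl_certificate          localhost.crt;
        proxy_ssl_certificate_key      localhost.key;
        proxy_ssl_verify               on;
        proxy_ssl_trusted_certificate  ca.cer;
        proxy_ssl_verify_depth         1;

        # With proxy_ssl_verify on, the upstream certificate name is checked
        # against proxy_ssl_name, which defaults to the host part of
        # proxy_pass ("tomcat_https" here). Set it to the name that is
        # actually in Tomcat's certificate (assumed: localhost).
        proxy_ssl_name                 localhost;

        # proxy_set_header replaces any Client-Cert header supplied by the
        # client, so the backend only sees the value nginx verified.
        # $ssl_client_escaped_cert is the URL-encoded PEM and supersedes the
        # deprecated multi-line $ssl_client_cert.
        proxy_set_header Client-Cert   $ssl_client_escaped_cert;
        proxy_set_header Client-Verify $ssl_client_verify;
    }
}
```

The backend should accept the `Client-Cert` header only on the connection it has authenticated as coming from nginx, since the header is plain request data to anything that can reach port 8443 directly.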

1 Answer