#ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA;
#ssl_prefer_server_ciphers on;
#ssl_dhparam /etc/pki/tls/private/dhparam.pem;
ssl_certificate /etc/pki/tls/certs/baidu.com.crt;
ssl_certificate_key /etc/pki/tls/private/baidu.com.key;
#ssl_session_tickets off;
#ssl_session_timeout 1d;
#ssl_session_cache shared:SSL:1m;
add_header Strict-Transport-Security 'max-age=31536000'; # remember the certificate for a year and automatically connect to HTTPS for this domain
location ~ /\. { access_log off; log_not_found off; deny all; }
location ~* (\.jsp)|(\.do)$ {
include proxy.conf;
proxy_pass :8080;
}
location /cphd {
root /home/www/cphd;
include proxy.conf;
proxy_pass :8080;
}
}
Tomcat配置:
vi /usr/local/tomcat/conf/server.xml +71
<Connector port="8080" protocol="org.apache.coyote.http11.Http11AprProtocol"
enableLookups="false" acceptCount="1000"
useBodyEncodingForURI="true"
URIEncoding="UTF-8"
connectionTimeout="20000"
redirectPort="8443" />
<!-- A "Connector" using the shared thread pool-->
<!--
<Connector executor="tomcatThreadPool"
port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443" />
vi /usr/local/tomcat/conf/server.xml +128
<Host appBase="/home/www/cphd"
unpackWARs="true" autoDeploy="true">
<Context reloadable="true" docBase="cphd" path="" />
配置Tomcat多实例:
cp -r /usr/local/tomcat /usr/local/tomcat2
然后修改相应端口和虚拟主机即可。
保存后,重启tomcat:
service tomcat stop
service tomcat start
检查Tomcat启动进程:
ps -ef | grep tomcat
更多Nginx关教程见以下内容:
CentOS 7下Nginx服务器的安装配置
CentOS 6.8 安装LNMP环境(Linux+Nginx+MySQL+PHP)
Linux下安装PHP环境并配置Nginx支持php-fpm模块
Ubuntu 16.04上启用加密安全的Nginx Web服务器