nginx 설정


vi /etc/nginx/sites-available/default  에 최상단에 아래 내용 추가.

# Backend pool referenced by "proxy_pass http://tomcat" in the site files:
# the Tomcat HTTP connector listening on loopback port 8080.
# With a single server in the group nginx ignores fail_timeout, so the
# parameter only takes effect if further servers are added later.
upstream tomcat {
        server 127.0.0.1:8080 fail_timeout=0;
}


nginx 첫 번째 도메인(www.hoticle.net) 설정

# 예제 1. http://www.hoticle.net

vi /etc/nginx/sites-available/www.hoticle.net

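# Redirect the bare domain to the canonical host: hoticle.net => www.hoticle.net
server {
        # Listen on IPv4 and IPv6, like the www.hoticle.net server block.
        # Without the IPv6 listener, a request for hoticle.net arriving over
        # IPv6 is answered by whichever server is the default on [::]:80
        # instead of being redirected.
        listen 80;
        listen [::]:80;
        server_name hoticle.net;
        # The target host is a fixed literal, never taken from the request;
        # only the scheme and the original URI are carried over.
        return 301 $scheme://www.hoticle.net$request_uri;
}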

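# www.hoticle.net: serves ACME challenge files from disk and proxies every
# other request to the "tomcat" upstream.
server {
        listen 80;
        listen [::]:80;

        server_name www.hoticle.net;

        # Let's Encrypt (ACME) challenge directory
        location /.well-known {
                # "root" appends the full request URI, so a request for
                # /.well-known/test.html is read from
                # /var/www/ssl-proof/tomcat/.well-known/test.html
                # and not from /var/www/ssl-proof/tomcat/test.html
                root /var/www/ssl-proof/tomcat/;
        }

        location / {
                proxy_redirect off;
                # NOTE(review): by default nginx hides the backend's Server
                # response header; this line passes Tomcat's value through to
                # clients. Remove it if the backend should not be identified.
                proxy_pass_header Server;

                # $host rather than $http_host: $http_host is the raw client
                # header and is empty when the request carries no Host field,
                # whereas $host is normalized and falls back to server_name.
                proxy_set_header Host $host;
                proxy_set_header X-Forwarded-Proto $scheme;
                proxy_set_header X-Forwarded-Port $server_port;
                # $proxy_add_x_forwarded_for appends the peer address to any
                # X-Forwarded-For value the client sent, so the backend should
                # trust only the last entry (or X-Real-IP below).
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Scheme $scheme;
                proxy_pass http://tomcat;
                charset utf-8;
        }
}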
 



두번째 도메인 설정 ( www.bbb.net )

# 예제 1. http://www.bbb.net

vi /etc/nginx/sites-available/www.bbb.net

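# www.bbb.net: serves ACME challenge files from disk and proxies every other
# request to the "tomcat" upstream.
server {
        listen 80;
        listen [::]:80;

        server_name www.bbb.net;

        # Let's Encrypt (ACME) challenge directory
        location /.well-known {
                # "root" appends the full request URI, so a request for
                # /.well-known/test.html is read from
                # /var/www/ssl-proof/tomcat/.well-known/test.html
                # and not from /var/www/ssl-proof/tomcat/test.html
                root /var/www/ssl-proof/tomcat/;
        }

        location / {
                proxy_redirect off;
                # NOTE(review): by default nginx hides the backend's Server
                # response header; this line passes Tomcat's value through to
                # clients. Remove it if the backend should not be identified.
                proxy_pass_header Server;

                # $host rather than $http_host: $http_host is the raw client
                # header and is empty when the request carries no Host field,
                # whereas $host is normalized and falls back to server_name.
                proxy_set_header Host $host;
                proxy_set_header X-Forwarded-Proto $scheme;
                proxy_set_header X-Forwarded-Port $server_port;
                # $proxy_add_x_forwarded_for appends the peer address to any
                # X-Forwarded-For value the client sent, so the backend should
                # trust only the last entry (or X-Real-IP below).
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Scheme $scheme;
                proxy_pass http://tomcat;
                charset utf-8;
        }
# The original listing omitted this closing brace of the server block, which
# makes "nginx -t" reject the file.
}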




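# Check the nginx configuration syntax and restart only if the check passes,
# so that a typo in a site file cannot take the running server down.
# NOTE(review): on the Debian-style layout used here, files in sites-available
# are presumably loaded only once linked into /etc/nginx/sites-enabled/ -
# confirm against the include line in nginx.conf.
nginx -t && systemctl restart nginx.service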



Tomcat 설정


server.xml 설정

vi /etc/tomcat/server.xml

 <!-- HTTP connector used by the local nginx proxy. address="127.0.0.1" binds
      it to loopback, so port 8080 is not reachable from other hosts.
      NOTE(review): Tomcat does not act on the X-Forwarded-* request headers
      by itself; if the application needs the original scheme or client
      address, that is typically configured with
      org.apache.catalina.valves.RemoteIpValve - confirm for the deployed
      Tomcat version. -->
 <Connector port="8080" protocol="HTTP/1.1"
               connectionTimeout="20000"
               URIEncoding="UTF-8"
               address="127.0.0.1"
               redirectPort="8443" />

...


       <!-- One virtual host per domain. The name values equal the server_name
            of the nginx server blocks that proxy here, so the forwarded Host
            header selects the web application.
            NOTE(review): autoDeploy="true" and reloadable="true" make Tomcat
            watch for changed files and redeploy or reload automatically. The
            Tomcat documentation advises against reloadable on production
            deployments; consider disabling both there so that a file written
            under /var/www cannot become a running application.
            NOTE(review): the root application's Context path is normally the
            empty string; confirm that path="/" is accepted without warnings. -->
       <Host name="www.hoticle.net" appBase="/var/www/Hoticle" autoDeploy="true"  xmlValidation="false" xmlNamespaceAware="false">
              <Context path="/" docBase="" reloadable="true" />
      </Host>
      <Host name="www.bbb.net" appBase="/var/www/bbb" autoDeploy="true"  xmlValidation="false" xmlNamespaceAware="false">
              <Context path="/" docBase="" reloadable="true" />
      </Host>


  </Engine>

  </Service>
</Server> 



# Restart Tomcat so that the server.xml changes take effect

systemctl restart tomcat8.service



Let's Encrypt

Let's Encrypt  실행

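# Run as root (the leading "#" on the command line below is the root prompt).
# The -d names must equal the server_name values in the nginx site files; the
# original command spelled the first one "hoticel", which matches no server
# block on this page.
# NOTE(review): the bare hoticle.net redirect host is not included in this
# certificate; add it with another -d if it should also answer over HTTPS.
# certbot --nginx -d www.hoticle.net -d www.bbb.net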



crontab 등록

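# Let's Encrypt: attempt renewal every day at 02:30. The hook reloads nginx
# and runs only for certificates that were actually renewed.
# 2>&1 sends certbot's error output to the same log file; without it a failed
# renewal leaves no trace in /var/log/le-renew.log.
# NOTE(review): presumably installed in root's crontab, since it writes under
# /var/log and reloads a system service - confirm.
30 2 * * * certbot renew --noninteractive --renew-hook "/bin/systemctl reload nginx" >> /var/log/le-renew.log 2>&1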



참고 사이트 :

https://tom.busby.ninja/letsecnrypt-nginx-reverse-proxy-no-downtime/
https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-debian-8
