Nginx + Tomcat + HTTPS configuration

Keywords: Nginx PHP SSL Apache

This article shows how to configure nginx as a reverse proxy in front of Tomcat and how to enable HTTPS with an SSL certificate.

 

Mode 1: edit the nginx.conf file in nginx's conf directory directly

 

You can copy the entire configuration below; replace the certificate and key paths (the ssl_certificate and ssl_certificate_key lines in the HTTPS server block) with your own.

# Main-context settings. The commented-out directives below are not in
# effect, so nginx uses its built-in defaults for them.
#user  nobody;
# Run a single worker process.
worker_processes  1;

#error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;

#pid        logs/nginx.pid;


events {
    # Upper bound on simultaneous connections per worker process; connections
    # to the proxied backend count toward this limit as well as client ones.
    worker_connections  1024;
}


http {
    # Map file extensions to Content-Type values; anything unknown is sent
    # as a generic binary download.
    include       mime.types;
    default_type  application/octet-stream;

    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
    #                  '$status $body_bytes_sent "$http_referer" '
    #                  '"$http_user_agent" "$http_x_forwarded_for"';

    # Commented out, so the built-in access log settings apply.
    #access_log  logs/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    #keepalive_timeout  0;
    # Idle client connections are kept open for up to 65 seconds.
    keepalive_timeout  65;
	
	# NOTE(review): this include is commented out and matches *.config (not
	# *.conf); a separate per-site file is only loaded if an include line
	# matching its file name is active.
	#include /usr/local/nginx/conf.d/*.config;

    # Compression is left off. If it is enabled later, be careful with HTTPS
    # responses that mix secrets with attacker-influenced content
    # (compression side channels).
    #gzip  on;

   # Backend pool referenced by the proxy_pass http://mysvr lines in the server blocks.
   upstream mysvr {
      # Per-server parameters:
      #   weight - relative share of requests; default 1, a higher value receives more traffic.
      #   down   - takes the server out of rotation for now.
      #   backup - used only when the other, non-backup servers are down or busy,
      #            so this machine carries the least load.
      #server 192.168.1.116  down;
      #server 192.168.1.116  backup;
      # Presumably the Tomcat HTTP connector; nginx talks to it over plain HTTP.
      # NOTE(review): this is the same address as server_name in the port-80
      # block, so Tomcat appears to run on this host. If so, prefer
      # 127.0.0.1:8080 here, bind the Tomcat connector to loopback and/or
      # firewall port 8080. Otherwise clients can reach Tomcat directly,
      # bypassing TLS and sending their own X-Forwarded-* headers - confirm.
      server 39.108.68.29:8080;
    }
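    # Port 80 exists only to send clients to HTTPS; nothing is served or
    # proxied over plain HTTP.
    server {
        listen       80;
        server_name  39.108.68.29;

        # A server-level redirect answers every request before any location
        # is consulted, so this block needs no proxy_pass location. Do not
        # add one: it would never be reached, and if the redirect were ever
        # removed it would expose the application and its session cookies
        # over plaintext.
        #
        # "return 301" with $request_uri is the idiomatic form and forwards
        # the path and query string exactly as the client sent them.
        #
        # $host is derived from the request (request line or Host header), so
        # the redirect target follows whatever name the client supplied. Once
        # the site has a fixed DNS name that matches the certificate, put it
        # in server_name and redirect to https://$server_name$request_uri.
        return 301 https://$host$request_uri;
    }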


	 #server {
     # listen 80;
     # server_name www.yitaobei.cn;
     # return 301 https://$server_name$request_uri;
    #}
	

    # another virtual host using mix of IP-, name-, and port-based configuration
    #
    #server {
    #    listen       8000;
    #    listen       somename:8080;
    #    server_name  somename  alias  another.alias;

    #    location / {
    #        root   html;
    #        index  index.html index.htm;
    #    }
    #}


    # HTTPS server
    #
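    # TLS-terminating reverse proxy: accepts HTTPS on 443 and forwards every
    # request to the "mysvr" upstream over plain HTTP.
    server {
        # "listen ... ssl" enables TLS on this socket. It replaces the
        # standalone "ssl on;" directive, which has been deprecated since
        # nginx 1.15.0 and is rejected by recent releases.
        listen 443 ssl;
        # Set this to the host name the certificate was issued for.
        server_name localhost;

        # Certificate chain and private key; relative paths are resolved
        # against nginx's configuration directory.
        # NOTE(review): the two file names differ by a leading digit
        # (14330112820728 vs 214330112820728) - check both against the files
        # actually deployed. The key file should be readable only by the
        # account that starts nginx.
        ssl_certificate      cert/14330112820728.pem;
        ssl_certificate_key  cert/214330112820728.key;
        ssl_session_timeout  5m;

        # TLS 1.0 and 1.1 are deprecated (RFC 8996) and are no longer offered.
        # TLSv1.3 needs nginx 1.13.0+ built against OpenSSL 1.1.1+; drop it
        # from the list if "nginx -t" rejects the value.
        ssl_protocols TLSv1.2 TLSv1.3;
        # TLS 1.2 suites restricted to forward-secret key exchange with AEAD
        # ciphers: no CBC, no static-RSA key exchange. (TLS 1.3 suites are
        # not controlled by this directive.)
        ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
        ssl_prefer_server_ciphers on;

        # Once HTTPS is confirmed working for every name served here,
        # consider HSTS so browsers stop attempting plain HTTP first:
        #add_header Strict-Transport-Security "max-age=31536000" always;

        location / {
            proxy_pass http://mysvr;
            proxy_redirect off;

            # $host is nginx's normalised host name; the raw client header
            # ($http_host) can be empty or malformed.
            proxy_set_header Host $host;
            # Address of the peer that connected to nginx. This is the value
            # the backend can rely on when nginx is the only way in.
            proxy_set_header X-Real-IP $remote_addr;
            # Appends that address to any X-Forwarded-For the client already
            # sent, so only the last entry is trustworthy to the backend.
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            # Tells the backend the original request arrived over HTTPS.
            proxy_set_header X-Forwarded-Proto https;

            # Timeouts are in seconds.
            proxy_connect_timeout 240;
            proxy_send_timeout    240;
            proxy_read_timeout    240;
        }
    }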

}

 

 

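Mode 2: keep the server configuration in a separate file and include it from the nginx.conf in nginx's conf directory (this requires an active include directive in the http block; the include line in the listing above is commented out)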

 

# Upstream group containing the single backend on port 8080.
# NOTE(review): the group is named after the IP address itself. The
# proxy_pass http://39.108.68.29 line in the server block reaches port 8080
# only because it matches this group name; if the group were renamed or
# removed, the same proxy_pass would target port 80 of that address instead.
# A descriptive group name avoids that ambiguity.
upstream 39.108.68.29
{       
	
	server   39.108.68.29:8080;		
}

# Virtual host that proxies every request to the upstream group defined above.
# NOTE(review): this block listens on port 80 only and this file defines no
# TLS listener, so as shown all traffic, including the cookies forwarded
# below, travels over plain HTTP. An HTTPS server block and an HTTP-to-HTTPS
# redirect are still needed for an HTTPS deployment.
server {
        listen       80;
        server_name  39.108.68.29;

        location /
        {
            # Resolves to the upstream group of the same name (backend port 8080).
            proxy_pass http://39.108.68.29;
            proxy_set_header Host $host;
            # nginx forwards the client's Cookie header by default; this line restates that.
            proxy_set_header Cookie $http_cookie; 
            # Address of the peer that connected to nginx.
	    proxy_set_header X-Real-IP $remote_addr; 
            # Appends that address to any X-Forwarded-For value the client
            # sent, so the backend should trust only the last entry.
	    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            # Timeouts are in seconds. Ten minutes lets a slow or stalled
            # backend hold a connection for a long time - confirm this is needed.
	    proxy_connect_timeout 600;
 	    proxy_read_timeout 600;
 	    proxy_send_timeout 600;
            # Request bodies larger than 20 MB are rejected.
	    client_max_body_size 20m; 
        }
	
	
        # Per-site access and error logs.
        access_log /usr/local/nginx/logs/ytb.log;
	error_log /usr/local/nginx/logs/ytb_error.log;	
}


 

Explain the meaning of some parameters in detail

listen: the port this proxy server listens on; the default is port 80. Note that if several server blocks are configured, their listen settings must not be identical, otherwise nginx cannot determine which block should handle a request.

server_name: indicates where a request should go once it has been received on the listening port. In this example, requests are handled locally, from the nginx folder.

location: indicates the matching path, where / is configured to indicate that all requests are matched here

root: if root is configured, the files matching the request path are looked up in this folder, which is very useful for serving static files later.

index: when no home page is specified, the specified file will be selected by default. It can have multiple files and be loaded in order. If the first one does not exist, the second one will be found, and so on.

 

Posted by dspeer on Fri, 31 Jan 2020 04:40:36 -0800