0. Install Tomcat 8.5.30 (Remember install JDK 8 first.) and Nginx 1.10.3
# cd ~/
# wget http://ftp.mirror.tw/pub/apache/tomcat/tomcat-8/v8.5.30/bin/apache-tomcat-8.5.30.tar.gz
# tar zxvf apache-tomcat-8.5.30.tar.gz
# ./apache-tomcat-8.5.30/bin/catalina.sh start
# sudo apt-get update
# sudo apt-get install nginx
1. Create self-sign ssl
# sudo mkdir /etc/nginx/ssl
# sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/ssl/XXXXX.key -out /etc/nginx/ssl/XXXXX.crt
# sudo openssl dhparam -out /etc/nginx/ssl/dhparam.pem 4096 <--- You can use 2048 length.
2. Modified nginx configuration file
# sudo vim /etc/nginx/sites-available/default
...
...
...
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name 192.168.1.1; <--- You can change to domain name
return 301 https://192.168.1.1$request_uri; <--- You can change to domain name
}
...
...
...
server {
# SSL configuration
#
listen 443 ssl http2 default_server;
listen [::]:443 ssl http2 default_server;
ssl_certificate /etc/nginx/ssl/XXXXX.crt;
ssl_certificate_key /etc/nginx/ssl/XXXXX.key;
ssl_dhparam /etc/nginx/ssl/dhparam.pem;
server_name 192.168.1.1; <--- You can change to domain name
# Specify a charset
charset utf-8;
# disable autoindex
autoindex off;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
proxy_pass http://127.0.0.1:8080; <------- Tomcat Service
#try_files $uri $uri/ =404;
}
...
...
...
}
...
...
...
3. Restart Nginx
# sudo nginx -t
# sudo systemctl restart nginx
https://www.digitalocean.com/community/tutorials/how-to-create-an-ssl-certificate-on-nginx-for-ubuntu-14-04
https://blog.gtwang.org/linux/nginx-create-and-install-ssl-certificate-on-ubuntu-linux/