Configuring a Domain Name and HTTPS for Tomcat
<h3><span style="font-family: "courier new", courier; font-size: 18px">1. Install the JDK and Tomcat</span></h3><div class="cnblogs_code">
<pre><span style="font-family: "courier new", courier; font-size: 14px">tar xf jdk-8u201-linux-x64.tar.gz -C /usr/local/
cd /usr/local/
ln -sv jdk1.8.0_201/ java
vim /etc/profile.d/java.sh    # add the following three export lines to this file
export JAVA_HOME=/usr/local/java
export CLASSPATH=$JAVA_HOME/lib/tools.jar
export PATH=$JAVA_HOME/bin:$PATH
. /etc/profile.d/java.sh      # load the new environment into the current shell
java -version
tar xf apache-tomcat-8.5.57.tar.gz -C /usr/local/
cd /usr/local/
ln -sv apache-tomcat-8.5.57/ tomcat
cd tomcat</span></pre>
</div>
<h3><span style="font-family: "courier new", courier; font-size: 18px">2. Configure Tomcat to use the domain name</span></h3>
<p><span style="font-family: "courier new", courier; font-size: 14px">Edit the server.xml file.</span></p>
<div class="cnblogs_code">
<pre><span style="font-family: "courier new", courier; font-size: 14px"><!-- defaultHost sets the default domain name, similar to the Nginx default server: it receives all requests sent to hosts that are not explicitly defined as virtual hosts -->
<Engine name="Catalina" defaultHost="www.inktech.ltd">
  <!-- name: the configured domain name; appBase: the directory applications are loaded from, the default is fine -->
  <Host name="www.inktech.ltd" appBase="webapps"
        unpackWARs="true" autoDeploy="true">
    <!-- If the project has several domain names, add them as Alias entries; here the bare domain is directed to www by default -->
    <Alias>inktech.ltd</Alias>
    <!-- path: the request URI; empty means none is entered, and the attribute cannot be omitted. docBase: the project code directory. reloadable: dynamic reloading; disabling it is recommended in production -->
    <!-- Context path="" docBase="C:\Program Files\Apache Software Foundation\Tomcat 7.0\webapps\qxw" debug="0" reloadable="true" ></Context>--></span></pre>
</div>
<h3><span style="font-family: "courier new", courier; font-size: 18px">3. Add the HTTPS certificate</span></h3>
<div class="cnblogs_code">
<pre><span style="font-family: "courier new", courier; font-size: 14px">mkdir cert
cd cert
mv ~/8350448_inktech.ltd_tomcat.zip .    # the certificate is downloaded from the provider
unzip 8350448_inktech.ltd_tomcat.zip
cat pfx-password.txt    # show the certificate password
keytool -changealias -keystore /usr/local/tomcat/cert/inktech.ltd.pfx -alias alias -destalias tomcat    # change the certificate alias; the default is "alias"
输入密钥库口令:    # keystore password prompt: enter the contents of the password file</span></pre>
</div>
<h3><span style="font-family: "courier new", courier; font-size: 18px">4. Configure HTTPS</span></h3>
<div class="cnblogs_code">
<pre><span style="font-family: "courier new", courier; font-size: 14px"><!-- port: 80 is recommended; redirectPort must match the port of the HTTPS connector below -->
<Connector port="8080" protocol="HTTP/1.1"
           connectionTimeout="20000"
           redirectPort="8443" />
<!-- keystoreFile: the certificate that was just unzipped; keystorePass: the contents of the password file -->
<Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol"
           maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS" keyAlias="tomcat" URIEncoding="UTF-8"
           keystoreFile="/usr/local/tomcat/cert/inktech.ltd.pfx"
           keystorePass="ddxfexc7"
           ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
                    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
                    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
                    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
                    TLS_ECDHE_RSA_WITH_RC4_128_SHA,
                    TLS_RSA_WITH_AES_128_CBC_SHA256,
                    TLS_RSA_WITH_AES_128_CBC_SHA,
                    TLS_RSA_WITH_AES_256_CBC_SHA256,
                    TLS_RSA_WITH_AES_256_CBC_SHA,
                    SSL_RSA_WITH_RC4_128_SHA" /></span></pre>
</div>
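<p><span style="font-family: "courier new", courier; font-size: 14px">The ciphers attribute of the 8443 connector above mixes RC4 suites and static-RSA key exchange with the ECDHE suites. The script below is an added example, not part of the original post: it audits such a list and filters it. The function names and the flagging policy (RC4, no forward secrecy, CBC) are assumptions of this example.</span></p>

```sh
#!/bin/sh
# Added example (not from the original post): audit a Tomcat Connector "ciphers" value.

# The ciphers value of the 8443 connector, as listed on this page.
PAGE_CIPHERS='TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
  TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
  TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
  TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
  TLS_ECDHE_RSA_WITH_RC4_128_SHA,
  TLS_RSA_WITH_AES_128_CBC_SHA256,
  TLS_RSA_WITH_AES_128_CBC_SHA,
  TLS_RSA_WITH_AES_256_CBC_SHA256,
  TLS_RSA_WITH_AES_256_CBC_SHA,
  SSL_RSA_WITH_RC4_128_SHA'

# Split a comma-separated ciphers value into one suite name per line.
split_ciphers() {
    printf '%s\n' "$1" | tr ',' '\n' | tr -d ' \t\r' | grep -v '^$'
}

# Print the findings for one suite name, or "ok" (the policy is this example's assumption).
classify_suite() (
    out=""
    case $1 in *_RC4_*) out="$out rc4-prohibited" ;; esac                  # RFC 7465 forbids RC4 in TLS
    case $1 in TLS_RSA_*|SSL_RSA_*) out="$out no-forward-secrecy" ;; esac  # static RSA key exchange
    case $1 in *_CBC_*) out="$out cbc-not-aead" ;; esac                    # CBC suites are not AEAD
    out=${out# }
    printf '%s\n' "${out:-ok}"
)

# Print "SUITE: findings" for every suite in the value.
audit_ciphers() (
    for s in $(split_ciphers "$1"); do
        printf '%s: %s\n' "$s" "$(classify_suite "$s")"
    done
)

# Keep only suites without RC4 and with forward secrecy, comma-separated.
filter_ciphers() (
    keep=""
    for s in $(split_ciphers "$1"); do
        case $(classify_suite "$s") in *rc4-prohibited*|*no-forward-secrecy*) continue ;; esac
        keep="${keep:+$keep,}$s"
    done
    printf '%s\n' "$keep"
)

audit_ciphers "$PAGE_CIPHERS"
printf 'kept: %s\n' "$(filter_ciphers "$PAGE_CIPHERS")"
```

<p><span style="font-family: "courier new", courier; font-size: 14px">Every suite that survives the filter is still CBC-mode, because the list on this page contains no GCM suites.</span></p>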
<h3><span style="font-family: "courier new", courier; font-size: 18px">5. Force redirection to HTTPS</span></h3>
<p><span style="font-family: "courier new", courier; font-size: 14px">Edit web.xml and add the following at the end:</span></p>
<div class="cnblogs_code">
<pre><span style="font-family: "courier new", courier; font-size: 14px"><login-config>
    <!-- Authorization setting for SSL -->
    <auth-method>CLIENT-CERT</auth-method>
    <realm-name>Client Cert Users-only Area</realm-name>
</login-config>
<security-constraint>
    <!-- Authorization setting for SSL -->
    <web-resource-collection>
        <web-resource-name>SSL</web-resource-name>
        <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint></span></pre>
</div>
<h3><span style="font-family: "courier new", courier; font-size: 18px">6. Start and verify</span></h3>
<p><span style="font-family: "courier new", courier; font-size: 14px">Set up DNS or hosts-file resolution for the domain.</span></p>
<p><span style="font-family: "courier new", courier; font-size: 14px">Visit http://www.inktech.ltd:8080/</span></p>
<p><span style="font-family: "courier new", courier; font-size: 14px"><img src="https://img2023.cnblogs.com/blog/911490/202305/911490-20230529112615896-12177698.png" alt="" loading="lazy"></span></p>
<p><span style="font-family: "courier new", courier; font-size: 14px">Verify that it automatically redirects to https://www.inktech.ltd:8443/</span></p>
<p><span style="font-family: "courier new", courier; font-size: 14px"><img src="https://img2023.cnblogs.com/blog/911490/202305/911490-20230529112645518-1394662481.png" alt="" loading="lazy"></span></p>
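<p><span style="font-family: "courier new", courier; font-size: 14px">The same verification can be scripted. This is an added example, not part of the original post: it checks that the response from the plain-HTTP port redirects to HTTPS on the redirectPort. The function name check_redirect and the sample response headers are constructed for illustration.</span></p>

```sh
#!/bin/sh
# Added example (not from the original post): check that a plain-HTTP response
# redirects to HTTPS on the connector's redirectPort.

# Constructed sample of what `curl -sI http://www.inktech.ltd:8080/` could return
# once the CONFIDENTIAL constraint is active (CRLF line endings, as on the wire).
SAMPLE_HEADERS=$(printf 'HTTP/1.1 302 \r\nCache-Control: private\r\nLocation: https://www.inktech.ltd:8443/\r\nContent-Length: 0\r\n\r\n')

# check_redirect HEADERS HOST PORT
# Prints "ok" or the reason for failure; returns non-zero on failure.
check_redirect() (
    headers=$(printf '%s\n' "$1" | tr -d '\r')
    status=$(printf '%s\n' "$headers" | awk 'NR==1 {print $2}')
    location=$(printf '%s\n' "$headers" | awk 'tolower($1)=="location:" {print $2; exit}')
    case $status in
        301|302|303|307|308) ;;
        *) echo "no redirect (status ${status:-none})"; return 1 ;;
    esac
    case $location in
        "https://$2:$3"|"https://$2:$3/"*) echo ok ;;
        https://*) echo "redirects to unexpected target: $location"; return 1 ;;
        *) echo "redirect is not HTTPS: ${location:-missing}"; return 1 ;;
    esac
)

# Offline run against the constructed sample.
check_redirect "$SAMPLE_HEADERS" www.inktech.ltd 8443
# Against a live server:
#   check_redirect "$(curl -sI http://www.inktech.ltd:8080/)" www.inktech.ltd 8443
```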
</div>
<div id="MySignature" role="contentinfo">
There are indeed words like "once and for all", but things that are truly done "once and for all" are extremely rare<br><br>
Source: https://www.cnblogs.com/panwenbin-logs/p/17440016.html