Tomcat配置HTTP协议转HTTPS协议
2024-06-20 23:59:59
目录
一、利用jdk生成证书
1.1命令行进入jdk/bin目录(..Java\jdk1.8.0_121\bin),输入
1.2根据命令提示输入信息
1.3把E盘生成的证书拷贝到tomcat\conf下面
二、修改tomcat配置文件conf\server.xml
2.1 把配置文件中本来注释着的这行代码释放出了,并且增加两个属性
2.2 把下面一行代码注释掉
三、重启tomcat,访问https://192.168.0.110:8443/projectName即可
四、修改https端口号
五、设置只允许https访问
参考文档
附录(server.xml例子)
具体操作分为两个步骤生成证书和修改tomcat配置
一、利用jdk生成证书
1.1命令行进入jdk/bin目录(..Java\jdk1.8.0_121\bin),输入
keytool -genkeypair -alias "tomcat" -keyalg "RSA" -storepass "123456" -validity 36500 -keystore "E:\tomcat.keystore"|
各个参数说明: -genkeypair 生成密钥对 -alias 别名 -keyalg 加密算法 -storepass 密码 -validity 有效时间(以天为单位) -keystore 密钥库文件存放位置 |
1.2根据命令提示输入信息
1.3把E盘生成的证书拷贝到tomcat\conf下面
二、修改tomcat配置文件conf\server.xml
2.1 把配置文件中本来注释着的这行代码释放出了,并且增加两个属性
<Connector URIEncoding="UTF-8" SSLEnabled="true" clientAuth="false"
keystoreFile="conf/tomcat.keystore" keystorePass="123456"
maxThreads="150" port="8443"
protocol="org.apache.coyote.http11.Http11NioProtocol"
scheme="https" secure="true" sslProtocol="TLS"/>
注意:
org.apache.coyote.http11.Http11AprProtocol 改为 org.apache.coyote.http11.Http11NioProtocol
其中,keystoreFile是上一步生成的证书文件地址,keystorePass是上一步的密钥库口令。
2.2 把下面一行代码注释掉
<!--<Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />-->三、重启tomcat,访问https://192.168.0.110:8443/projectName即可
四、修改https端口号
需要修改server.xml里面的两个地方。
默认端口为443。访问项目时,可以不加端口号。https://192.168.0.110/projectName
五、设置只允许https访问
在tomcat的web.xml的</welcome-file-list>后面加上这段话,访问http的连接即可自动跳转到https的连接
<login-config> <!-- Authorization setting for SSL --> <auth-method>CLIENT-CERT</auth-method> <realm-name>Client Cert Users-only Area</realm-name> </login-config> <security-constraint> <!-- Authorization setting for SSL --> <web-resource-collection > <web-resource-name >SSL</web-resource-name> <url-pattern>/*</url-pattern> </web-resource-collection> <user-data-constraint> <transport-guarantee>CONFIDENTIAL</transport-guarantee> </user-data-constraint> </security-constraint> 参考文档
Tomcat配置HTTP转HTTPS_wqh0830的博客-CSDN博客
附录(server.xml例子)
windows环境下tomcat8的配置文件server.xml,仅供参考
<?xml version="1.0" encoding="UTF-8"?>
<!--Licensed to the Apache Software Foundation (ASF) under one or morecontributor license agreements. See the NOTICE file distributed withthis work for additional information regarding copyright ownership.The ASF licenses this file to You under the Apache License, Version 2.0(the "License"); you may not use this file except in compliance withthe License. You may obtain a copy of the License athttp://www.apache.org/licenses/LICENSE-2.0Unless required by applicable law or agreed to in writing, softwaredistributed under the License is distributed on an "AS IS" BASIS,WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.See the License for the specific language governing permissions andlimitations under the License.
--><!-- Note: A "Server" is not itself a "Container", so you may notdefine subcomponents such as "Valves" at this level.Documentation at /docs/config/server.html--><Server port="8006" shutdown="SHUTDOWN"><Listener className="org.apache.catalina.startup.VersionLoggerListener"/><!-- Security listener. Documentation at /docs/config/listeners.html<Listener className="org.apache.catalina.security.SecurityListener" />--><!--APR library loader. Documentation at /docs/apr.html --><!-- <Listener SSLEngine="on" className="org.apache.catalina.core.AprLifecycleListener"/>--><!-- Prevent memory leaks due to use of particular java/javax APIs--><Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener"/><Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener"/><Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener"/><!-- Global JNDI resourcesDocumentation at /docs/jndi-resources-howto.html--><GlobalNamingResources><!-- Editable user database that can also be used byUserDatabaseRealm to authenticate users--><Resource auth="Container" description="User database that can be updated and saved" factory="org.apache.catalina.users.MemoryUserDatabaseFactory" name="UserDatabase" pathname="conf/tomcat-users.xml" type="org.apache.catalina.UserDatabase"/></GlobalNamingResources><!-- A "Service" is a collection of one or more "Connectors" that sharea single "Container" Note: A "Service" is not itself a "Container",so you may not define subcomponents such as "Valves" at this level.Documentation at /docs/config/service.html--><Service name="Catalina"><!--The connectors can use a shared executor, you can define one or more named thread pools--><!--<Executor name="tomcatThreadPool" namePrefix="catalina-exec-"maxThreads="150" minSpareThreads="4"/>--><!-- A "Connector" represents an endpoint by which requests are receivedand responses are returned. Documentation at :Java HTTP Connector: /docs/config/http.htmlJava AJP Connector: /docs/config/ajp.htmlAPR (HTTP/AJP) Connector: /docs/apr.htmlDefine a non-SSL/TLS HTTP/1.1 Connector on port 8080--><Connector connectionTimeout="20000" port="8085" protocol="HTTP/1.1" redirectPort="8443"/><!-- A "Connector" using the shared thread pool--><!--<Connector executor="tomcatThreadPool"port="8080" protocol="HTTP/1.1"connectionTimeout="20000"redirectPort="8443" />--><!-- Define an SSL/TLS HTTP/1.1 Connector on port 8443This connector uses the NIO implementation. The defaultSSLImplementation will depend on the presence of the APR/nativelibrary and the useOpenSSL attribute of theAprLifecycleListener.Either JSSE or OpenSSL style configuration may be used regardless ofthe SSLImplementation selected. JSSE style configuration is used below.--><!--<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"maxThreads="150" SSLEnabled="true"><SSLHostConfig><Certificate certificateKeystoreFile="conf/localhost-rsa.jks"type="RSA" /></SSLHostConfig></Connector>--><!-- Define an SSL/TLS HTTP/1.1 Connector on port 8443 with HTTP/2This connector uses the APR/native implementation which always usesOpenSSL for TLS.Either JSSE or OpenSSL style configuration may be used. OpenSSL styleconfiguration is used below.--><Connector URIEncoding="UTF-8" SSLEnabled="true" clientAuth="false"
keystoreFile="conf/tomcat.keystore" keystorePass="123456"
maxThreads="150" port="8443"
protocol="org.apache.coyote.http11.Http11NioProtocol"
scheme="https" secure="true" sslProtocol="TLS"/><!-- <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" /><SSLHostConfig><Certificate certificateKeyFile="conf/localhost-rsa-key.pem"certificateFile="conf/localhost-rsa-cert.pem"certificateChainFile="conf/localhost-rsa-chain.pem"type="RSA" /></SSLHostConfig></Connector>--><!--<Connector URIEncoding="UTF-8" SSLEnabled="true" clientAuth="false"
keystoreFile="conf/tomcat.keystore" keystorePass="123456"
maxThreads="150" port="8443"
protocol="org.apache.coyote.http11.Http11NioProtocol"
scheme="https" secure="true" sslProtocol="TLS"/>--><!-- Define an AJP 1.3 Connector on port 8009 --><!--<Connector protocol="AJP/1.3"address="::1"port="8009"redirectPort="8443" />--><!-- An Engine represents the entry point (within Catalina) that processesevery request. The Engine implementation for Tomcat stand aloneanalyzes the HTTP headers included with the request, and passes themon to the appropriate Host (virtual host).Documentation at /docs/config/engine.html --><!-- You should set jvmRoute to support load-balancing via AJP ie :<Engine name="Catalina" defaultHost="localhost" jvmRoute="jvm1">--><Engine defaultHost="localhost" name="Catalina"><!--For clustering, please take a look at documentation at:/docs/cluster-howto.html (simple how to)/docs/config/cluster.html (reference documentation) --><!--<Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster"/>--><!-- Use the LockOutRealm to prevent attempts to guess user passwordsvia a brute-force attack --><Realm className="org.apache.catalina.realm.LockOutRealm"><!-- This Realm uses the UserDatabase configured in the global JNDIresources under the key "UserDatabase". Any editsthat are performed against this UserDatabase are immediatelyavailable for use by the Realm. --><Realm className="org.apache.catalina.realm.UserDatabaseRealm" resourceName="UserDatabase"/></Realm><Host appBase="webapps" autoDeploy="true" name="localhost" unpackWARs="true"><!-- SingleSignOn valve, share authentication between web applicationsDocumentation at: /docs/config/valve.html --><!--<Valve className="org.apache.catalina.authenticator.SingleSignOn" />--><!-- Access log processes all example.Documentation at: /docs/config/valve.htmlNote: The pattern used is equivalent to using pattern="common" --><Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs" pattern="%h %l %u %t "%r" %s %b" prefix="localhost_access_log" suffix=".txt"/><Context docBase="cps" path="/cps" reloadable="false" source="org.eclipse.jst.j2ee.server:cps"/></Host></Engine></Service>
</Server>Tomcat配置HTTP协议转HTTPS协议相关推荐
- 在Tomcat下http协议转https协议
Tomcat下http协议转https协议,在腾讯云下载的免费SSL证书 最近在搞微信小程序的支付问题,但是调用支付接口的规则是传输规则是必须为https传输,因为我本身是Javaweb项目,发布在T ...
- 网络编程知识预备(4) ——了解应用层的HTTP协议与HTTPS协议
参考:简单了解HTTP协议与HTTPS协议 作者:丶PURSUING 发布时间: 2021-03-15 10:55:13 网址:https://blog.csdn.net/weixin_4474282 ...
- 什么是HTTPS协议?HTTPS协议优势有哪些?
我们在浏览网站的时候会发现有的网站URL是以HTTP开头,而有的是以HTTPS开头的,通常网站的URL会分为两部分:通信协议和域名地址.域名地址我们好理解,不同的域名对应着不同网站和页面,而通信协议简 ...
- PB使用http协议、https协议(简单便捷)
PB使用HTTP协议.HTTPS协议 PB自身也有http组件,但使用起来较为繁琐.VDN作者将http功能通过API的形式封装为HttpClient组件,PB直接调用即可,支持http及https协 ...
- HTTP协议,HTTPS协议,SSL/TLS协议概述
HTTP协议,HTTPS协议,SSL/TLS协议概述 1. 什么是HTTP协议 HTTP(Hyper Text Transfer Protocol,HTTP)协议超文本传输协议,是一个基于请求与响 ...
- 说说 Http协议与https协议区别
Http协议与https协议区别: 1:https协议需要到ca申请证书,一般免费的证书比较少,一般都需要交费 2:http是超文本传输,信息是文明 传输,https则具备有安全性的ssl加密传输协议 ...
- springboot配置SSL证书设置https协议访问的端口
配置SSL证书需要证书文件 和 密钥 1. 将证书文件移动到resources目录下 2. 在yml配置文件中配置如下: server:port: 443 #服务端口ssl:key-store: cl ...
- 10停止nginx命令 win_Linux下配置Nginx并使用https协议
环境 Centos7.6nginx-1.17.0 下载 官网:http://nginx.org/download/nginx-1.17.0.tar.gz 环境确认 在安装nginx前首先要确认系统中是 ...
- 项目上线,部署到服务器(腾讯服务器),http协议及https协议(微信小程序必须https协议才可发布)、Nginx配置
一.准备服务器: 1.选择自己的服务器,这里有很多服务器比如,阿里服务器,腾讯服务器等,这里我选择腾讯服务器做测试,其官网:https://cloud.tencent.com/,微信扫码登录后如下进入 ...
最新文章
- 1.1 为什么选择序列模型-深度学习第五课《序列模型》-Stanford吴恩达教授
- 最小生成树之Kruskal
- 字符串匹配手机号码的正则表达式(原创,适应所有条件)
- JVM调优总结(六)-分代垃圾回收详述2
- java canvas 缩放图片_详解如何用HTML5 Canvas API控制图片的缩放变换
- redis发布订阅c接口_Redis 发布/订阅机制原理分析
- icmp时间戳请求和应答程序实现_ICMP报文详解之ping实现
- 转:Java中子类是否可以继承父类的static变量和方法而呈现多态特性
- IOS开发之实现App消息推送(最新)
- 安卓手机小说阅读器_粉笔免费小说阅读器app下载-粉笔免费小说阅读器APP手机版v1.0.1...
- 解决 c++ 字符转转浮点型数据且保留所有小数
- html为知笔记模板,为知笔记,模板制作.doc
- react加水印_图片添加水印
- 实施质量保证和控制质量的区别
- ubuntu 18.04下greenplum安装笔记(二)安装Greenplum的失败的尝试
- java web 播放音频_用webAudio和canvas实现音频可视化
- 一图了解群、交换群、环、交换环、整环、域的区别与联系
- 监督学习(supervised learning)与非监督学习(unsupervised learning)
- Retrofit请求时动态切换IP
- Orbit Downloader 1.5.4多国语言版