tomcat config https 443

 

• 设置https:

<Connector port="443" protocol="HTTP/1.1" SSLEnabled="true" maxThreads="150" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" keystoreFile="cert/your-name.pfx" keystorePass="your password"/>

keystoreFile : cer path

keystorePass：cer password

• 配置80端口,将8080改成80, redirectPort为443 <Connector port="80" protocol="HTTP/1.1" connectionTimeout="20000" URIEncoding="UTF-8" redirectPort="443" />

 

• 配置8009端口重定向 <Connector port="8009" protocol="AJP/1.3" redirectPort="443" />

 

• 在 $TOMCAT_HOME/conf/web.xml中在</welcome-file-list　　>后面加入以下配置,禁止http访问

<login-config>

<!-- Authorization setting for SSL -->

<auth-method>CLIENT-CERT</auth-method>

<realm-name>Client Cert Users-only Area</realm-name>

</login-config>

<security-constraint>

<!-- Authorization setting for SSL -->

<web-resource-collection >

<web-resource-name >SSL</web-resource-name>

<url-pattern>/*</url-pattern>

</web-resource-collection>

<user-data-constraint>

<transport-guarantee>CONFIDENTIAL</transport-guarantee>

</user-data-constraint>

</security-constraint>