域名解析

tomcat参考文档:

https://tomcat.apache.org/tomcat-8.5-doc/config/http.html#SSL_Support_-_SSLHostConfig

配置单个域名的Https(tomcat/conf/server.xml):

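 <?xml version="1.0" encoding="UTF-8"?>
 <!--
   Single-domain HTTPS for Tomcat 8.5 (conf/server.xml).
   Port 80 serves plain HTTP and hands confidential requests over to the
   HTTPS connector on port 443, which reads its key and certificate from a
   JKS keystore.
 -->
 <!--
   The shutdown port accepts the shutdown string without authentication.
   Keep it reachable from localhost only (the Tomcat default) and consider
   replacing the well-known "SHUTDOWN" string with a private value.
 -->
 <Server port="8005" shutdown="SHUTDOWN">
   <Listener className="org.apache.catalina.startup.VersionLoggerListener" />
   <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
   <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
   <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
   <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />

   <GlobalNamingResources>
     <!-- File-backed user database that the UserDatabaseRealm below looks up by name. -->
     <Resource name="UserDatabase" auth="Container"
               type="org.apache.catalina.UserDatabase"
               description="User database that can be updated and saved"
               factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
               pathname="conf/tomcat-users.xml" />
   </GlobalNamingResources>

   <Service name="Catalina">
     <!--
       Plain HTTP. redirectPort must name a port that has an HTTPS connector:
       this file listens for HTTPS on 443 and defines nothing on 8443, so a
       redirect to 8443 would send clients to a closed port.
     -->
     <Connector port="80" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="443" />

     <!--
       HTTPS. clientAuth="false" means browsers are not asked for a client
       certificate. TLS protocol versions and cipher suites are left at the
       Tomcat/JVM defaults here; restrict them as described in the connector
       documentation if older protocol versions must be refused.
       keystorePass is a placeholder. The real password is stored in
       plaintext in this file, so limit read access to server.xml and the
       .jks file to the Tomcat service account and keep both out of version
       control and published examples.
     -->
     <Connector port="443" protocol="HTTP/1.1"
                maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
                clientAuth="false"
                keystoreFile="Tomcat 安装目录/conf/cloud.tencent.com.jks"
                keystorePass="******" />

     <!--
       AJP is only needed when a front-end web server forwards requests to
       Tomcat over AJP. If nothing uses it, remove this connector; otherwise
       keep it on a loopback or internal address and protect it with the
       connector's shared secret. It must never be reachable from the Internet.
     -->
     <Connector port="8009" protocol="AJP/1.3" redirectPort="443" />

     <Engine name="Catalina" defaultHost="cloud.tencent.com">
       <!-- LockOutRealm wraps the user database realm and locks accounts after repeated failed logins. -->
       <Realm className="org.apache.catalina.realm.LockOutRealm">
         <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
                resourceName="UserDatabase" />
       </Realm>

       <!--
         NOTE(review): autoDeploy="true" deploys any application that appears
         in appBase while Tomcat is running. Consider "false" on production
         hosts so that write access to webapps/ is not enough to publish code.
       -->
       <Host name="cloud.tencent.com" appBase="webapps"
             unpackWARs="true" autoDeploy="true">
         <!-- Serve the Knews application as the root context of this host. -->
         <Context path="" docBase="Knews" />
         <!-- One access-log line per request: client, identity, user, time, request line, status, bytes. -->
         <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
                prefix="localhost_access_log" suffix=".txt"
                pattern="%h %l %u %t &quot;%r&quot; %s %b" />
       </Host>
     </Engine>
   </Service>
 </Server>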

配置多个域名的Https(tomcat/conf/server.xml):

./shutdown.sh (关闭 Tomcat 服务)
./startup.sh (启动 Tomcat 服务)
./configtest.sh(确认配置是否存在问题)

 

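<!--
  HTTPS connector serving several host names from one port (SNI).
  Each SSLHostConfig carries the certificate for one host name;
  defaultSSLHostConfigName must match the hostName of one of them and is
  used when the client sends no SNI name or an unknown one.
  Relative keystore paths such as conf/... are resolved against the Tomcat
  base directory.
  The keystore passwords are placeholders. Real values sit in plaintext in
  server.xml, so restrict read access to that file and the .jks files to the
  Tomcat service account, and never paste real passwords into published
  examples: a password that has appeared in public should be treated as
  exposed and changed.
-->
<Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol" SSLEnabled="true"
           maxThreads="150" scheme="https" secure="true"
           defaultSSLHostConfigName="cn86trading.com">
  <!-- Enable HTTP/2 on this connector. -->
  <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />

  <!-- Certificate for the primary domain. -->
  <SSLHostConfig hostName="cn86trading.com">
    <Certificate certificateKeystoreFile="conf/cn86trading.com.jks"
                 certificateKeystorePassword="******"
                 type="RSA" />
  </SSLHostConfig>

  <!-- Certificate for the sub-domain. -->
  <SSLHostConfig hostName="shoes.cn86trading.com">
    <Certificate certificateKeystoreFile="conf/shoes.cn86trading.com.jks"
                 certificateKeystorePassword="******"
                 type="RSA" />
  </SSLHostConfig>
</Connector>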

 

 

 

 

 强制使http跳转至https

在 tomcat/conf/web.xml 的最后面,即结束标签 </welcome-file-list> 之后换行,添加以下内容:

<!--
  Declares client-certificate authentication as the login method.
  A login method is only consulted for constraints that carry an
  auth-constraint; the constraint below has none, so nothing here asks
  visitors to authenticate.
  NOTE(review): because conf/web.xml is the global default for every
  application, an application that defines an auth-constraint without its
  own login-config would inherit CLIENT-CERT from here. Confirm that this
  is intended.
-->
<login-config>
  <auth-method>CLIENT-CERT</auth-method>
  <realm-name>Client Cert Users-only Area</realm-name>
</login-config>

<!--
  Transport rule for every URL (/*): CONFIDENTIAL requires an encrypted
  connection, so a request that arrives over plain HTTP is redirected to
  the redirectPort of the connector that received it.
-->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>SSL</web-resource-name>
    <url-pattern>/*</url-pattern>
  </web-resource-collection>
  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>

 

将 tomcat/conf/server.xml 中 80 端口的 Connector 修改为如下内容:

<!--
  Plain-HTTP connector. redirectPort names the HTTPS port that requests are
  sent to when a CONFIDENTIAL transport guarantee applies; it has to match
  the port of the HTTPS connector (443).
-->
<Connector port="80" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="443" />

 

 

 
