tomcat 配置支持 ssl 附效果图

1、修改tomcat配置文件server.xml:

bash 复制代码
vim ./conf/server.xml

把配置文件:

bash 复制代码
	
    <Connector port="8088" Server=" "  protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="8443" URIEncoding="UTF-8" maxHttpHeaderSize="65536" maxPostSize="4194304"
			   compression="on" 
			   noCompressionUserAgents="gozilla,traviata"                          compressibleMimeType="text/html,text/xml,text/plain,text/css,text/javascript,application/x-javascript,application/xml,application/javascript,application/xhtml+xml,x-font/otf,application/x-font-woff,x-font/ttf,x-font/eot"/>
   

禁用:

bash 复制代码
<!--
    <Connector port="8088" Server=" "  protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="8443" URIEncoding="UTF-8" maxHttpHeaderSize="65536" maxPostSize="4194304"
			   compression="on" 
			   noCompressionUserAgents="gozilla,traviata"                          compressibleMimeType="text/html,text/xml,text/plain,text/css,text/javascript,application/x-javascript,application/xml,application/javascript,application/xhtml+xml,x-font/otf,application/x-font-woff,x-font/ttf,x-font/eot"/>
-->

2、server.xml单独开放一个端口,原来注释的,改造一下,并放出来:

bash 复制代码
    <Connector port="8088" protocol="org.apache.coyote.http11.Http11NioProtocol"
               maxThreads="150" SSLEnabled="true">
        <SSLHostConfig>
            <Certificate certificateKeystoreFile="conf/youdomainfile.com.jks"
                         type="RSA"  certificateKeystorePassword="asdf2024" />
        </SSLHostConfig>
    </Connector>

3、server.xml中 AJP 1.3 Connector on port 8009相关

原来是注释的,我把他打开:

bash 复制代码
    <!-- Define an AJP 1.3 Connector on port 8009 -->
    
    <Connector protocol="AJP/1.3"
               address="::1"
               port="8009"
               redirectPort="8088" />
    

4、web.xml文件中:

原来末尾是:

bash 复制代码
    <welcome-file-list>
        <welcome-file>index.html</welcome-file>
        <welcome-file>index.htm</welcome-file>
        <welcome-file>index.jsp</welcome-file>
    </welcome-file-list>

      <security-constraint>
	     <web-resource-collection>
    		<web-resource-name>fortune</web-resource-name>
	    	<url-pattern>/*</url-pattern>
	    	<http-method>PUT</http-method>
	    	<http-method>DELETE</http-method>
	    	<http-method>HEAD</http-method>
	    	<http-method>OPTIONS</http-method>
	    	<http-method>TRACE</http-method>

		</web-resource-collection>
		<auth-constraint></auth-constraint>
	     </security-constraint>

      <login-config>
	        <auth-method>BASIC</auth-method>
      </login-config>
</web-app>

改成这样子:

bash 复制代码
    <welcome-file-list>
        <welcome-file>index.html</welcome-file>
        <welcome-file>index.htm</welcome-file>
        <welcome-file>index.jsp</welcome-file>
    </welcome-file-list>

      <security-constraint>
	     <web-resource-collection>
		<web-resource-name>fortune</web-resource-name>
		<url-pattern>/*</url-pattern>
		<http-method>PUT</http-method>
		<http-method>DELETE</http-method>
		<http-method>HEAD</http-method>
		<http-method>OPTIONS</http-method>
		<http-method>TRACE</http-method>

         <web-resource-name >SSL</web-resource-name>
		<url-pattern>/*</url-pattern>

		</web-resource-collection>

		<user-data-constraint>
		    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
	    </user-data-constraint>
		
<auth-constraint></auth-constraint>
	     </security-constraint>
             <login-config>
                <!--	<auth-method>BASIC</auth-method> -->
                <!-- Authorization setting for SSL -->
            	<auth-method>CLIENT-CERT</auth-method>
            	<realm-name>Client Cert Users-only Area</realm-name>

              </login-config>
</web-app>

上述即可实现用Ip的访问:http://10.10.8.91:8088/

如果出现提示,

复制代码
Bad Request
This combination of host and port requires TLS.

则用https访问即可,但是仍然有"不安全"的提示,

5、设置用域名即可完美实现安全访问:

5.1服务器端:

之前tomcat\conf\server.xml

bash 复制代码
    <Engine name="Catalina" defaultHost="localhost">

      <!--For clustering, please take a look at documentation at:
          /docs/cluster-howto.html  (simple how to)
          /docs/config/cluster.html (reference documentation) -->
      <!--
      <Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster"/>
      -->

      <!-- Use the LockOutRealm to prevent attempts to guess user passwords
           via a brute-force attack -->
      <Realm className="org.apache.catalina.realm.LockOutRealm">
        <!-- This Realm uses the UserDatabase configured in the global JNDI
             resources under the key "UserDatabase".  Any edits
             that are performed against this UserDatabase are immediately
             available for use by the Realm.  -->
        <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
               resourceName="UserDatabase"/>
      </Realm>

      <Host name="localhost"  appBase="webapps"
  unpackWARs="true" autoDeploy="true">

改成:

bash 复制代码
    <Engine name="Catalina" defaultHost="kkk.yourdomain.com">

      <!--For clustering, please take a look at documentation at:
          /docs/cluster-howto.html  (simple how to)
          /docs/config/cluster.html (reference documentation) -->
      <!--
      <Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster"/>
      -->

      <!-- Use the LockOutRealm to prevent attempts to guess user passwords
           via a brute-force attack -->
      <Realm className="org.apache.catalina.realm.LockOutRealm">
        <!-- This Realm uses the UserDatabase configured in the global JNDI
             resources under the key "UserDatabase".  Any edits
             that are performed against this UserDatabase are immediately
             available for use by the Realm.  -->
        <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
               resourceName="UserDatabase"/>
      </Realm>

      <Host name="kkk.yourdomain.com"  appBase="webapps"
            unpackWARs="true" autoDeploy="true">

5.2客户端dns配置:

另我在本机的C:\Windows\System32\drivers\etc\hosts

10.10.8.91 kkk.yourdomain.com

最终:可实现完美安全访问:

https://kkk.yourdomain.com:8088

后经朋友提醒,web.xml不改也行,我就没继续测试了,大家可酌情考虑。

相关推荐
matlab的学徒12 小时前
Web与Nginx网站服务(改)
linux·运维·前端·nginx·tomcat
云动雨颤14 小时前
Spring Boot配置优化:Tomcat+数据库+缓存+日志,全场景教程
数据库·spring boot·tomcat
森林-20 小时前
MyBatis 从入门到精通(第一篇)—— 框架基础与环境搭建
java·tomcat·mybatis
ZzzZZzzzZZZzzzz…1 天前
Nginx_Tomcat综合案例
运维·nginx·tomcat·负载均衡·rhce·反向代理·https加密服务
潇I洒1 天前
若依4.8.1打包war后在Tomcat无法运行,404报错的一个解决方法
java·tomcat·ruoyi·若依·404
心灵宝贝2 天前
Tomcat Connectors 1.2.37 源码编译安装教程(mod_jk 详细步骤)
java·tomcat
娅娅梨2 天前
HarmonyOS-ArkUI Web控件基础铺垫7-HTTP SSL认证图解 及 Charles抓包原理 及您为什么配置对了也抓不到数据
http·华为·ssl·harmonyos
脑子慢且灵2 天前
[JavaWeb]模拟一个简易的Tomcat服务(Servlet注解)
java·后端·servlet·tomcat·intellij-idea·web
liweiweili1263 天前
记录线上数据上传提示网络连接异常的故障
nginx·tomcat
影子24013 天前
java jdbc连接sqlserver2008R2版本数据库报错,驱动程序无法通过使用安全套接字层(SSL)加密与 SQL Server 建立安全连接
java·数据库·ssl