Configuring HTTPS on Tomcat 9 and forcing HTTP to redirect to HTTPS (original)

ZHUWEI
2019-12-03 09:52:38

1. Configure HTTPS

Edit conf/server.xml under the Tomcat directory.

<Connector port="443"
    protocol="org.apache.coyote.http11.Http11NioProtocol"
    URIEncoding="utf-8"
    connectionTimeout="20000"
    enableLookups="false"
    maxPostSize="10485760"
    maxConnections="10000"
    SSLEnabled="true"
    scheme="https"
    secure="true"
    keystoreFile="C:\xxx\cert\xx_xxx.pfx"
    keystorePass="xxxx"
    clientAuth="false"
    SSLProtocol="TLSv1+TLSv1.1+TLSv1.2"
    ciphers="TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA256"/>

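If this step is configured correctly, the site can now be accessed over HTTPS.


2. Force a redirect to HTTPS when the site is accessed over HTTP

1) Because the default HTTP port is 80, the redirect has to be configured on port 80.

Edit conf/server.xml under the Tomcat directory.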

<Connector port="80"
    protocol="org.apache.coyote.http11.Http11NioProtocol"
    redirectPort="443"
    URIEncoding="utf-8"/>

If AJP is in use, its redirect setting must be changed as well.

<Connector port="8009" enableLookups="false" redirectPort="443" protocol="AJP/1.3" />


2) The settings above alone do not make the redirect happen; the following lines also have to be added to conf/web.xml.


<welcome-file-list>
  <welcome-file>index.html</welcome-file>
  <welcome-file>index.htm</welcome-file>
  <welcome-file>index.jsp</welcome-file>
</welcome-file-list>

<login-config>
  <!-- Authorization setting for SSL -->
  <auth-method>CLIENT-CERT</auth-method>
  <realm-name>Client Cert Users-only Area</realm-name>
</login-config>
<security-constraint>
  <!-- Authorization setting for SSL -->
  <web-resource-collection>
    <web-resource-name>SSL</web-resource-name>
    <url-pattern>/*</url-pattern>
  </web-resource-collection>
  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>

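That is, add the lines shown in bold (the <login-config> and <security-constraint> elements) after </welcome-file-list>.

That completes this first rough pass at HTTPS on Tomcat.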
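
The following check is an added example, not part of the original post: a Python script that parses the Connector elements configured above and reports legacy TLS versions, cipher suites without forward secrecy, and any redirectPort that does not point at a TLS-enabled connector. The 8080 connector and the name audit_connectors are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: the page's 443 and 80 connectors (cipher list shortened),
# plus a hypothetical 8080 connector whose redirectPort has no TLS listener.
SERVER_XML = r"""
<Server><Service name="Catalina">
  <Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol"
      SSLEnabled="true" scheme="https" secure="true"
      keystoreFile="C:\xxx\cert\xx_xxx.pfx" keystorePass="xxxx"
      SSLProtocol="TLSv1+TLSv1.1+TLSv1.2"
      ciphers="TLS_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256"/>
  <Connector port="80" protocol="org.apache.coyote.http11.Http11NioProtocol"
      redirectPort="443" URIEncoding="utf-8"/>
  <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443"/>
</Service></Server>
"""

# SSLv3 and older are broken; TLS 1.0 and 1.1 were deprecated by RFC 8996.
LEGACY_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}


def audit_connectors(xml_text):
    """Return (port, finding) tuples for the Connector elements in server.xml."""
    connectors = list(ET.fromstring(xml_text).iter("Connector"))
    tls_ports = {c.get("port") for c in connectors
                 if c.get("SSLEnabled", "").lower() == "true"}
    findings = []
    for c in connectors:
        port = c.get("port")
        if port in tls_ports:
            enabled = c.get("SSLProtocol") or c.get("sslEnabledProtocols") or ""
            for proto in sorted(set(re.split(r"[+,\s]+", enabled)) & LEGACY_PROTOCOLS):
                findings.append((port, "legacy protocol " + proto))
            for cipher in (s.strip() for s in c.get("ciphers", "").split(",")):
                # TLS_RSA_* suites use static RSA key exchange (no forward secrecy).
                if cipher.startswith("TLS_RSA_"):
                    findings.append((port, "no forward secrecy: " + cipher))
        else:
            # A CONFIDENTIAL constraint redirects to redirectPort; it must be a TLS port.
            redirect = c.get("redirectPort")
            if redirect is not None and redirect not in tls_ports:
                findings.append((port, "redirectPort " + redirect + " is not a TLS connector"))
    return findings


if __name__ == "__main__":
    for port, finding in audit_connectors(SERVER_XML):
        print("port " + port + ": " + finding)
```

Only explicit redirectPort values are checked, and a redirect target served by a separate proxy or host is outside what this script can see.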
