tomcat 多个端口运行多个web项目 https ssl

原创
2016/12/31 21:15
阅读数 1.9K

提示

配置文件:/conf/server.xml 在修改之前,建议备份一次。

基本配置

多个web项目部署在不同的端口,修改tomcat安装目录下的conf/server.xml

<?xml version='1.0' encoding='utf-8'?>
<!--
  Licensed to the Apache Software Foundation (ASF) under one or more
  contributor license agreements.  See the NOTICE file distributed with
  this work for additional information regarding copyright ownership.
  The ASF licenses this file to You under the Apache License, Version 2.0
  (the "License"); you may not use this file except in compliance with
  the License.  You may obtain a copy of the License at

      http://www.apache.org/licenses/LICENSE-2.0

  Unless required by applicable law or agreed to in writing, software
  distributed under the License is distributed on an "AS IS" BASIS,
  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  See the License for the specific language governing permissions and
  limitations under the License.
-->
<!-- Note:  A "Server" is not itself a "Container", so you may not
     define subcomponents such as "Valves" at this level.
     Documentation at /docs/config/server.html
 -->
<Server port="8005" shutdown="SHUTDOWN">
  <Listener className="org.apache.catalina.startup.VersionLoggerListener" />
  <!-- Security listener. Documentation at /docs/config/listeners.html
  <Listener className="org.apache.catalina.security.SecurityListener" />
  -->
  <!--APR library loader. Documentation at /docs/apr.html -->
  <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
  <!-- Prevent memory leaks due to use of particular java/javax APIs-->
  <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
  <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
  <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />

  <!-- Global JNDI resources
       Documentation at /docs/jndi-resources-howto.html
  -->
  <GlobalNamingResources>
    <!-- Editable user database that can also be used by
         UserDatabaseRealm to authenticate users
    -->
    <Resource name="UserDatabase" auth="Container"
              type="org.apache.catalina.UserDatabase"
              description="User database that can be updated and saved"
              factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
              pathname="conf/tomcat-users.xml" />
  </GlobalNamingResources>


  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="8443" />
    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
    <Engine name="Catalina" defaultHost="localhost">
      <Realm className="org.apache.catalina.realm.LockOutRealm">
        <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
               resourceName="UserDatabase"/>
      </Realm>
      <Host name="localhost"  appBase="webapps"
            unpackWARs="true" autoDeploy="true">
        <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
               prefix="localhost_access_log" suffix=".txt"
               pattern="%h %l %u %t &quot;%r&quot; %s %b" />
	   	<Context docBase="F:\test\apache-tomcat-8.0.28\webapps\web1" path="" debug="0"  reloadable="true"/>

      </Host>
    </Engine>
  </Service>

  <Service name="web2">
	<Connector port="8081" protocol="HTTP/1.1" redirectPort="8443"
		connectionTimeout="20000" />
      <Engine name="web2" defaultHost="localhost">
		<Realm className="org.apache.catalina.realm.LockOutRealm">
        <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
               resourceName="UserDatabase"/>
      </Realm>
	  <Host name="localhost" appBase="webapps/test" unpackWARs="true" autoDeploy="true">
          <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
               prefix="localhost_access_log" suffix=".txt"
               pattern="%h %l %u %t &quot;%r&quot; %s %b" />
		  <Context path="" docBase="F:\test\apache-tomcat-8.0.28\webapp2\web2" reloadable="true"/>
             </Host>
         </Engine>
    </Service>
</Server>

https配置

这里使用阿里云提供的免费证书,入口:阿里云控制台->证书服务 按照提示购买免费证书,信息补全->输入绑定的域名->填写个人信息(域名验证类型选择dns,并勾选下面的选项自动添加cname)->提交->使用自动生成->下载证书,按照阿里云给出的提示配置。 在server.xml中添加mainWeb项目到80端口:

  <Service name="mainWeb">
	<Connector port="80" protocol="HTTP/1.1" redirectPort="8443"
		connectionTimeout="20000" />
      <Engine name="mainWeb" defaultHost="localhost">
		<Realm className="org.apache.catalina.realm.LockOutRealm">
        <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
               resourceName="UserDatabase"/>
      </Realm>
	  <Host name="localhost" appBase="webapps/mainWeb" unpackWARs="true" autoDeploy="true">
          <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
               prefix="localhost_access_log" suffix=".txt"
               pattern="%h %l %u %t &quot;%r&quot; %s %b" />
		  <Context path="" docBase="mainWeb exploded的地址" reloadable="true"/>
             </Host>
         </Engine>
    </Service>
</Server>

使用ssl,可以通过8443访问https

<Service name="mainWeb">
<Connector port="8443"
    protocol="HTTP/1.1"
    SSLEnabled="true"
    scheme="https"
    secure="true"
    keystoreFile="cert/密码.pfx"
    keystoreType="PKCS12"
    keystorePass="密码"
    clientAuth="false"
    ciphers="TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"
    SSLProtocol="TLSv1+TLSv1.1+TLSv1.2"
    SSLCipherSuite="ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4"
/>
      <Engine name="mainWeb" defaultHost="localhost">
		<Realm className="org.apache.catalina.realm.LockOutRealm">
        <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
               resourceName="UserDatabase"/>
      </Realm>
	  <Host name="localhost" appBase="webapps/mainWeb" unpackWARs="true" autoDeploy="true">
          <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
               prefix="localhost_access_log" suffix=".txt"
               pattern="%h %l %u %t &quot;%r&quot; %s %b" />
		  <Context path="" docBase="mainWeb exploded的地址" reloadable="true"/>
             </Host>
         </Engine>
    </Service>
</Server>

使用80端口

<Service name="mainWeb">
	<Connector port="80" protocol="HTTP/1.1" redirectPort="443"
		connectionTimeout="20000" />
<Connector port="443"
    protocol="HTTP/1.1"
    SSLEnabled="true"
    scheme="https"
    secure="true"
    keystoreFile="cert/密码.pfx"
    keystoreType="PKCS12"
    keystorePass="密码"
    clientAuth="false"
    ciphers="TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"
    SSLProtocol="TLSv1+TLSv1.1+TLSv1.2"
    SSLCipherSuite="ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4"
/>
      <Engine name="mainWeb" defaultHost="localhost">
		<Realm className="org.apache.catalina.realm.LockOutRealm">
        <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
               resourceName="UserDatabase"/>
      </Realm>
	  <Host name="localhost" appBase="webapps/mainWeb" unpackWARs="true" autoDeploy="true">
          <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
               prefix="localhost_access_log" suffix=".txt"
               pattern="%h %l %u %t &quot;%r&quot; %s %b" />
		  <Context path="" docBase="mainWeb exploded的地址" reloadable="true"/>
             </Host>
         </Engine>
    </Service>
</Server>

另外在web.xml中配置:

<security-constraint>

     <!-- Authorization setting for SSL -->

<web-resource-collection>

<web-resource-name>OPENSSL</web-resource-name>

<url-pattern>/*</url-pattern>

</web-resource-collection>

<user-data-constraint>

<transport-guarantee>CONFIDENTIAL</transport-guarantee>

</user-data-constraint>

</security-constraint>
展开阅读全文
打赏
1
0 收藏
分享
加载中
更多评论
打赏
0 评论
0 收藏
1
分享
返回顶部
顶部