Tomcat Build HTTPS Service

Usually do their own web demo is basically to use the HTTP protocol to access.

However, the formal situation is basically HTTPS access, so it is critical to master the configuration of HTTPS.

Materials to be prepared:

A remote server that can be accessed outside the network

Tomcat 8.5

Java environment (self-Baidu installation process and configuration environment variables)

Web Project War package (optional)

The first step:

After you configure the Java environment on a remote server, you install Tomcat:

For details, see (Tomcat installation, configuration, use): https://www.cnblogs.com/longLifeFrog/articles/8612260.html

The process is windows, but LUnix is similar, the idea is basically the same, you can Baidu search related installation process

Step Two:

Since I have this remote server open 2 ports 8080 and 443.

So this step is to complete the project with Tomcat deploying 2 different ports.

First copy the WebApps folder and the Catalina folder below the Conf folder, as shown in:

　　

　　

The next step is to modify conf/server.xml:

　　

The code is as follows:

<?XML version= "1.0" encoding= "UTF-8"?><ServerPort= "8005"shutdown= "SHUTDOWN">  <ListenerClassName= "Org.apache.catalina.startup.VersionLoggerListener" />  <ListenerClassName= "Org.apache.catalina.core.AprLifecycleListener"Sslengine= "On" />    <ListenerClassName= "Org.apache.catalina.core.JreMemoryLeakPreventionListener" />  <ListenerClassName= "Org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />  <ListenerClassName= "Org.apache.catalina.core.ThreadLocalLeakPreventionListener" />  <globalnamingresources>    <Resourcename= "Userdatabase"Auth= "Container"type= "Org.apache.catalina.UserDatabase"Description= "User database that can be updated and saved"Factory= "Org.apache.catalina.users.MemoryUserDatabaseFactory"Pathname= "Conf/tomcat-users.xml" />  </globalnamingresources>  <Servicename= "Catalina">    <!--HTTP Configuration -   <ConnectorPort= "8080"Protocol= "http/1.1"ConnectionTimeout= "20000"Redirectport= "8443" />        <ConnectorPort= "8009"Protocol= "ajp/1.3"Redirectport= "8443" />    <Enginename= "Catalina"Defaulthost= "localhost">      <RealmClassName= "Org.apache.catalina.realm.LockOutRealm">        <RealmClassName= "Org.apache.catalina.realm.UserDatabaseRealm"resourcename= "Userdatabase"/>      </Realm>      <Hostname= "localhost"AppBase= "WebApps"Unpackwars= "true"Autodeploy= "true">        <ValveClassName= "Org.apache.catalina.valves.AccessLogValve"Directory= "Logs"prefix= "Localhost_access_log"suffix= ". txt"pattern= "%h%l%u%t &quot;%r&quot;%s%b" />      </Host>    </Engine>  </Service>    <Servicename= "Catalina2">    <ConnectorPort= "443"Protocol= "http/1.1"ConnectionTimeout= "20000"MaxThreads= "Max"Redirectport= "8443"sslenabled= "true"Scheme= "https"Secure= "true"ClientAuth= "false"Sslprotocol= "TLS"Keystorefile= "C:\Program files\apache software foundation\tomcat 8.5\www.xxxx.com.jks"Keystorepass= "xxxxxx"                />    <ConnectorPort= "8009"Protocol= "ajp/1.3"Redirectport= "8443" />    <Enginename= "Catalina2"Defaulthost= "localhost">      <RealmClassName= "Org.apache.catalina.realm.LockOutRealm">        <RealmClassName= "Org.apache.catalina.realm.UserDatabaseRealm"resourcename= "Userdatabase"/>      </Realm>      <Hostname= "localhost"AppBase= "WEBAPPS2"Unpackwars= "true"Autodeploy= "true">        <ValveClassName= "Org.apache.catalina.valves.AccessLogValve"Directory= "Logs"prefix= "Localhost_access_log"suffix= ". txt"pattern= "%h%l%u%t &quot;%r&quot;%s%b" />      </Host>    </Engine>  </Service></Server>

The 8080 port is in HTTP form, and if you want to change it to HTTPS, you can refer to the 443 port configuration.

description of the attribute in the connector tag:ClientAuth: Set whether bidirectional authentication, default = False, set to True for bidirectional authenticationkeystorefile: Server certificate file pathkeystorepass: Server certificate Passwordtruststorefile: The root certificate used to authenticate the client certificate, in this case the server certificate (although not used, but is used since the issue)truststorepass: Root certificate password (although not used, but is used since the issue)

Www.xxxx.com.jks is the certificate obtained from the authority, Keystorepass fill in the corresponding password.

Step Three:

Copy the project to WebApps and WEBAPPS2, and then run startup, Access. This will be a success.

Add:

　　1, HTTP automatic jump HTTPS security configuration:

to Web. XML under the Conf directory. In the back of </welcome-file-list>, before </web-app>, which is the penultimate paragraph, add this paragraph:

<Login-config>        <!--Authorization setting for SSL -        <Auth-method>Client-cert</Auth-method>        <Realm-name>Client Cert users-only Area</Realm-name>    </Login-config>    <Security-constraint>        <!--Authorization setting for SSL -        <web-resource-collection>            <Web-resource-name>Ssl</Web-resource-name>            <Url-pattern>/*</Url-pattern>        </web-resource-collection>        <User-data-constraint>            <Transport-guarantee>Confidential</Transport-guarantee>        </User-data-constraint>    </Security-constraint>

The results are as follows:

　　

This step is to allow non-SSL connector to jump to SSL connector. So you also need to go to Server.xml for configuration:

<port= "8080"  protocol= "http/1.1"connectiontimeout = "20000" Redirectport = "443" />

Redirectport changed to SSL for connector port 443, after rebooting tomcat it will take effect.

The above is the HTTPS configuration method for the authoritative certificate.

Tomcat Build HTTPS Service