tomcat配置重定向_在Tomcat上配置SSL以及从HTTP到HTTPS的设置自动重定向的步骤

tomcat配置重定向

Secured Socket Layer (SSL) is the cryptography protocol to provide message security over the Internet. It works on the notion of Private and Public keys and messages are encrypted before sending it over the network.

安全套接字层（SSL）是用于通过Internet提供消息安全性的加密协议。 它适用于私钥和公钥的概念，并且消息在通过网络发送之前已加密。

To configure SSL on Tomcat, we need a digital certificate that can be created using Java keytool for the development environment. For the production environment, you should get the digital certificate from SSL certificate providers, for example, Verisign, Entrust, Lets’ Encrypt.

要在Tomcat上配置SSL，我们需要一个数字证书，可以使用Java keytool为开发环境创建一个数字证书。 对于生产环境，您应该从SSL证书提供者那里获得数字证书，例如Verisign，Entrust和Lets'Encrypt。

创建SSL证书 (Creating SSL Certificate)

Follow the below steps to create your own digital certificate.

请按照以下步骤创建自己的数字证书。

$ keytool -genkey -alias tomcat -keyalg RSA -keystore mycertificate.cert
Enter keystore password:
Re-enter new password:
What is your first and last name?
  [Unknown]:  Pankaj Kumar
What is the name of your organizational unit?
  [Unknown]:  Dev
What is the name of your organization?
  [Unknown]:  JournalDev
What is the name of your City or Locality?
  [Unknown]:  Bangalore
What is the name of your State or Province?
  [Unknown]:  Karnataka
What is the two-letter country code for this unit?
  [Unknown]:  IN
Is CN=Pankaj Kumar, OU=Dev, O=JournalDev, L=Bangalore, ST=Karnataka, C=IN correct?
  [no]:  Yes

Enter key password for <tomcat>
	(RETURN if same as keystore password):
Re-enter new password:
$ ls
mycertificate.cert

I have used the password “changeit” for Keystore and key but you can use whatever you want.

我已经为密钥库和密钥使用了密码“ changeit”，但是您可以使用任何您想使用的东西。

Now our digital certificate is ready and the next step is to enable HTTPS communication port in Tomcat and set it to use our digital certificate for providing SSL support.

现在我们的数字证书已准备就绪，下一步是在Tomcat中启用HTTPS通信端口，并将其设置为使用我们的数字证书提供SSL支持。

Tomcat HTTPS (Tomcat HTTPS)

To enable SSL open ~Tomcat_Installation/conf/server.xml file and uncomment following line:

要启用SSL，请打开~Tomcat_Installation/conf/server.xml文件并取消注释以下行：

<Connector port="8443" maxHttpHeaderSize="8192"
               maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
               enableLookups="false" disableUploadTimeout="true"
               acceptCount="100" scheme="https" secure="true"
               keystoreFile="/Users/Pankaj/tomcat/conf/mycertificate.cert"
	       clientAuth="false" sslProtocol="TLS" />

To avoid any misplacement of the certificate, I have put that in the tomcat conf directory. Now restart Tomcat and try to access any web application over https with port 8443.

为了避免证书放错地方，我将其放在了tomcat conf目录中。 现在，重新启动Tomcat，并尝试使用端口8443通过https访问任何Web应用程序。

Tomcat重定向HTTP到HTTPS (Tomcat Redirect HTTP to HTTPS)

So we can access any web application on both HTTP and HTTPS ports. We can set up tomcat to redirect all HTTP request to HTTPS port with some configurations.

因此，我们可以在HTTP和HTTPS端口上访问任何Web应用程序。 我们可以设置tomcat以通过一些配置将所有HTTP请求重定向到HTTPS端口。

1. In ~TomcatInstallation/conf/server.xmlFor HTTP Connector, set the redirect port to the HTTPS connector port. It will look somewhat like this:

   <!-- Define a non-SSL HTTP/1.1 Connector on port 8080 -->
       <Connector port="8090" maxHttpHeaderSize="8192"
                  maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
                  enableLookups="false" redirectPort="8443" acceptCount="100"
                  connectionTimeout="20000" disableUploadTimeout="true" />
   </pre>
   </li>
   <li>In ~TomcatInstallation/conf/web.xml
   
   Add below configuration but make sure to add it after all the servlet-mapping tags.
   
   <pre>
   <!-- added by Pankaj for automatic redirect from HTTP to HTTPS -->
   <security-constraint>
   <web-resource-collection>
   <web-resource-name>Entire Application</web-resource-name>
   <url-pattern>/*</url-pattern>
   </web-resource-collection>
   <user-data-constraint>
   <transport-guarantee>CONFIDENTIAL</transport-guarantee>
   </user-data-constraint>
   </security-constraint>

   在~TomcatInstallation/conf/server.xml对于HTTP连接器，将重定向端口设置为HTTPS连接器端口。 看起来会像这样：

Restart the tomcat now and all the HTTP requests will automatically be redirected to HTTPS i.e https://localhost:8080/axis2 will be automatically redirected to https://localhost:8443/axis2

立即重新启动tomcat，所有HTTP请求将自动重定向到HTTPS，即https：// localhost：8080 / axis2将自动重定向到https：// localhost：8443 / axis2

Note: If you don’t want to provide ports in the URLs, then use 80 for HTTP and 443 for HTTPS. In that case, you can skip the first step to automatically redirect HTTP requests to HTTPS because it will automatically pick the default port 443.

注意 ：如果您不想在URL中提供端口，则对HTTP使用80，对HTTPS使用443。 在这种情况下，您可以跳过第一步以将HTTP请求自动重定向到HTTPS，因为它将自动选择默认端口443。

Update: If you are working on Tomcat, you might be interested in the following posts.

更新：如果您正在使用Tomcat，则可能对以下帖子感兴趣。

• Java Web Application Tutorial
  Java Web应用程序教程
• Java Servlet Tutorial
  Java Servlet教程

翻译自: https://www.journaldev.com/160/steps-to-configure-ssl-on-tomcat-and-setup-auto-redirect-from-http-to-https

tomcat配置重定向