快速安装Tomcat 并实现HTTPS访问
HTTPS,在HTTP下加了一层SSL,用于安全的HTTP数据传输,对于数据敏感的网址必须要使用HTTPS协议,本文将介绍如何快速安装Tomcat,并实现HTTPS访问。安装Tomcat
安装tomcat必须得有java环境,所以先安装JDK;
1、安装JDK
# rpm -ivh jdk-8u161-linux-x64.rpm
Preparing... ###########################################
1:jdk1.8 ###########################################
Unpacking JAR files...
tools.jar...
plugin.jar...
javaws.jar...
deploy.jar...
rt.jar...
jsse.jar...
charsets.jar...
localedata.jar...
#
2、添加Java系统环境变量
# cat /etc/profile.d/java.sh
export JAVA_HOME=/usr/java/latest
export PATH=$JAVE_HOME/bin:$PATH
#
3、加载环境变量
# . /etc/profile.d/java.sh
4、查看JDK是否安装成功
# java -version
java version "1.8.0_161"
Java(TM) SE Runtime Environment (build 1.8.0_161-b12)
Java HotSpot(TM) 64-Bit Server VM (build 25.161-b12, mixed mode)
#
5、安装Tomcat
# tar-zxf apache-tomcat-8.0.50.tar.gz-C /usr/local/
6、创建软连接
# ln -s /usr/local/apache-tomcat-8.0.50/ /usr/local/tomcat
7、添加Tomcat系统环境变量
# cat /etc/profile.d/tomcat.sh
export CATALINA_HOME=/usr/local/tomcat
export PATH=$CATALINA_HOME/bin:$PATH
8、加载环境变量
# . /etc/profile.d/tomcat.sh
9、测试是否生效
# catalina.sh version
Using CATALINA_BASE: /usr/local/tomcat
Using CATALINA_HOME: /usr/local/tomcat
Using CATALINA_TMPDIR: /usr/local/tomcat/temp
Using JRE_HOME: /usr/java/latest
Using CLASSPATH: /usr/local/tomcat/bin/bootstrap.jar:/usr/local/tomcat/bin/tomcat-juli.jar
Server version: Apache Tomcat/8.0.50
Server built: Feb 7 2018 20:06:05 UTC
Server number:8.0.50.0
OS Name: Linux
OS Version: 2.6.32-642.6.2.el6.x86_64
Architecture: amd64
JVM Version: 1.8.0_161-b12
JVM Vendor: Oracle Corporation
#
10、启动Tomcat服务
# catalina.shstart
Using CATALINA_BASE: /usr/local/tomcat
Using CATALINA_HOME: /usr/local/tomcat
Using CATALINA_TMPDIR: /usr/local/tomcat/temp
Using JRE_HOME: /usr/java/latest
Using CLASSPATH: /usr/local/tomcat/bin/bootstrap.jar:/usr/local/tomcat/bin/tomcat-juli.jar
Tomcat started.
11、测试访问
Tomcat默认端口为8080,所以访问时使用IP+8080访问即可;
http://i2.运维网.com/images/blog/201804/13/6bb83a2c54ab2b25685f7cedb0914a20.png
★ 到这里,Tomcat就安装完成了,但是只是默认环境,还需要根据需求自定义配置;
实现HTTPS访问
1、添加域名解析
到自己的域名解析商处,添加一条A记录指向你的服务器IP即可;
2、申请证书
使用刚才添加的域名申请一个SSL证书;
3、上传证书
在tomcat目录新建一个ssl目录,将证书文件上传到这个目录;
# cd /usr/local/tomcat/
# mkdir ssl
# rz
4、修改server.xml
VIM打开server.xml,添加ssl连接器,在8080端口连接器下面添加如下配置:
注意:
keystoreFile :证书存放目录,可以写绝对路径或Tomcat相对路径;
keystorePass:证书私钥密码;
5、修改HOST配置
## 这里指定的localhost是默认HOST的名称,修改为证书绑定的域名即可
★这里只需要将里两个localhost修改为证书绑定域名即可,也就是是将该域名与此HOST绑定;
6、重启Tomcat服务
# catalina.sh stop
Using CATALINA_BASE: /usr/local/tomcat
Using CATALINA_HOME: /usr/local/tomcat
Using CATALINA_TMPDIR: /usr/local/tomcat/temp
Using JRE_HOME: /usr/java/latest
Using CLASSPATH: /usr/local/tomcat/bin/bootstrap.jar:/usr/local/tomcat/bin/tomcat-juli.jar
# catalina.sh start
Using CATALINA_BASE: /usr/local/tomcat
Using CATALINA_HOME: /usr/local/tomcat
Using CATALINA_TMPDIR: /usr/local/tomcat/temp
Using JRE_HOME: /usr/java/latest
Using CLASSPATH: /usr/local/tomcat/bin/bootstrap.jar:/usr/local/tomcat/bin/tomcat-juli.jar
Tomcat started.
7、查询端口是否监听
# ss -ntl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 1 127.0.0.1:8005 *:*
LISTEN 0 100 *:8009 *:*
LISTEN 0 100 *:8080 *:*
LISTEN 0 128 *:22 *:*
LISTEN 0 100 127.0.0.1:25 *:*
LISTEN 0 100 *:443 *:*
#
8、测试访问
使用https://YourDomain/ 来访问;
http://i2.运维网.com/images/blog/201804/13/088027e012340e15fd1e5afa3841f6fd.png
★用浏览器访问显示小绿锁,F12查看,提示:This is secure (valid HTTPS),说明证书已经配置成功;
配置HTTP自动跳转到HTTPS
上面我们实现了HTTPS访问,但是客户使用http访问,还是会走http协议,依然是不安全的,没有达到我们的需求,下面配置HTTP自动跳转到HTTPS;
1、修改web.xml
在后面,也就是倒数第二行里,加上如下配置:
CLIENT-CERT
Client Cert Users-only Area
SSL
/*
CONFIDENTIAL
2、修改sever.xml
修改非SSL连接器的请求跳转到SSL连接器上,修改如下配置:
原来为:
修改为:
★将默认8080端口修改为80端口,访问时就不需要加8080端口了,因为HTTP协议默认走的是80端口;
★将8443端口修改为443端口,意思是来自80端口的请求都跳转至443端口;
3、重启服务
# catalina.shstop
Using CATALINA_BASE: /usr/local/tomcat
Using CATALINA_HOME: /usr/local/tomcat
Using CATALINA_TMPDIR: /usr/local/tomcat/temp
Using JRE_HOME: /usr/java/latest
Using CLASSPATH: /usr/local/tomcat/bin/bootstrap.jar:/usr/local/tomcat/bin/tomcat-juli.jar
# catalina.shstart
Using CATALINA_BASE: /usr/local/tomcat
Using CATALINA_HOME: /usr/local/tomcat
Using CATALINA_TMPDIR: /usr/local/tomcat/temp
Using JRE_HOME: /usr/java/latest
Using CLASSPATH: /usr/local/tomcat/bin/bootstrap.jar:/usr/local/tomcat/bin/tomcat-juli.jar
Tomcat started.
4、检测端口
查看端口,发现原来监听的8080端口已经没在了,而是监听的我们上面修改的80端口;
# ss -nlt
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 100 *:8009 *:*
LISTEN 3 100 *:80 *:*
LISTEN 0 128 *:22 *:*
LISTEN 0 100 127.0.0.1:25 *:*
LISTEN 0 100 *:443 *:*
#
5、测试访问
这里我们使用linux下的curl命令测试,能更直观的看到跳转效果;
# curlhttp://YourDomain/-I
HTTP/1.1 302 Found
Server: Apache-Coyote/1.1
Cache-Control: private
Expires: Thu, 01 Jan 1970 08:00:00 CST
Location: https://YourDomain/
Transfer-Encoding: chunked
Date: Fri, 13 Apr 2018 16:06:04 GMT
★ 到这里,Tomcat配置HTTP自动跳转HTTPS就已经完成了~
页:
[1]