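1. Generate the keystore file
keytool -v -genkey -alias tomcat -keyalg RSA -keystore /home/test/my.keystore
While the keystore is being generated, you are prompted for some site information and a password, and asked to confirm the password.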
2. Edit tomcat/conf/server.xml
Find the corresponding Connector, uncomment it, and fill in the keystore file path and password:
<!-- HTTPS connector on port 8443, using the keystore created in step 1 -->
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
           maxThreads="150" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS"
           keystoreFile="/home/test/my.keystore"
           keystorePass="123456"/>
3. Force HTTP to HTTPS
Modify the project's web.xml and add:
<security-constraint>
    <web-resource-collection>
        <web-resource-name>OPENSSL</web-resource-name>
        <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>
4. Disable unsafe HTTP methods
Add a node at the end of tomcat/conf/web.xml:
<security-constraint>
    <web-resource-collection>
        <url-pattern>/*</url-pattern>
        <http-method>PUT</http-method>
        <http-method>DELETE</http-method>
        <http-method>HEAD</http-method>
        <http-method>OPTIONS</http-method>
        <http-method>TRACE</http-method>
    </web-resource-collection>
    <!-- Empty auth-constraint: no role is allowed to use the methods listed above -->
    <auth-constraint></auth-constraint>
</security-constraint>
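Unless otherwise noted, the articles on Zhao Yan's blog are original; when reposting, please credit this article's address with a link.
Article address: https://zhaoyanblog.com/archives/75.html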
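Why is it that when I configure it this way, Tomcat always reports a port-already-in-use error?
Then just check what is occupying it, won't that do~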