最新tomcat http 强制跳转 https

不哭 2月前 ⋅ 180 阅读

tomcat http强制301永久跳转https。 全站启用http后经过检测跳转为302临时重定向。翻阅官方文档后发现需要增加transportGuaranteeRedirectStatus=301参数来制定。 下方配置文件中为tomcat http强制跳转https以及同一tomcat多https(域名)项目且不同证书的配置

<?xml version="1.0" encoding="UTF-8"?>

<Server port="8005" shutdown="SHUTDOWN">
  <Listener className="org.apache.catalina.startup.VersionLoggerListener" />
  <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
  <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
  <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
  <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />

  <GlobalNamingResources>
    <Resource name="UserDatabase" auth="Container"
              type="org.apache.catalina.UserDatabase"
              description="User database that can be updated and saved"
              factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
              pathname="conf/tomcat-users.xml" />
  </GlobalNamingResources>
  <Service name="Catalina">
  
    <Connector port="80" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="443" />
    
      <!-- 配置证书文件信息  -->
    <Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol"
               SSLEnabled="true" sslProtocols="TLSv1.1+TLSv1.2">
       <SSLHostConfig>       <!--证书文件所在的目录  -->                             
            <Certificate certificateKeystoreFile="/data/keys/studyjava.cn.pfx" 
                         certificateKeystoreType="PKCS12" certificateKeystorePassword="studyjava" /> 
            <!--配置类型                   刚才password文件里面的密码 -->    
        </SSLHostConfig>
        
        <SSLHostConfig hostName="weixin.studyjava.cn">       <!--证书文件所在的目录  -->                             
            <Certificate certificateKeystoreFile="/data/keys/weixin.studyjava.cn.pfx" 
                         certificateKeystoreType="PKCS12" certificateKeystorePassword="studyjava" /> 
            <!--配置类型                   刚才password文件里面的密码 -->    
        </SSLHostConfig>
    </Connector>

    <!-- Define an AJP 1.3 Connector on port 8009 -->
    <Connector port="8009" protocol="AJP/1.3" redirectPort="443" />


    <Engine name="Catalina" defaultHost="studyjava.cn">

		<!-- tomcat永久配置302跳转 -->
		<!-- transportGuaranteeRedirectStatus=301必须要加,否则默认是302临时跳转 -->
      <Realm className="org.apache.catalina.realm.LockOutRealm" transportGuaranteeRedirectStatus="301">
        <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
               resourceName="UserDatabase"/>
      </Realm>

      <Host name="studyjava.cn"  appBase="webapps"
            unpackWARs="true" autoDeploy="true">
        <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
               prefix="localhost_access_log" suffix=".txt"
               pattern="%h %l %u %t &quot;%r&quot; %s %b" />
      </Host>
        
        <Host name="weixin.studyjava.cn"  appBase="/tomcat/webapps/weixin" unpackWARs="true" autoDeploy="false">
            <Alias>weixin.studyjava.cn</Alias>
            <Context path="" docBase="/tomcat/webapps/weixin" debug="0" reloadable="true"/>
            <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"  
            prefix="localhost_access_log." suffix=".txt" 
            pattern="%h %l %u %t &quot;%r&quot; %s %b" />
        </Host>
    </Engine>
  </Service>
</Server>


全部评论: 0

    我有话说: