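How to Configure a Free Alibaba Cloud HTTPS Certificate (Tomcat Edition)

Introduction: In the internet age, everything in our daily lives, from food and clothing to housing and transport, has long depended on the network. Most people, however, are only users of these websites. Have you ever thought about building a website of your own? Individuals can build one out of interest, and companies can build one for publicity and promotion; it puts your information on the internet quickly where your target audience can see it, which can bring in large numbers of customers and wealth.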


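Step 1: Apply for a free SSL certificate from Alibaba Cloud

Applying for the free certificate is fairly simple and has few pitfalls, so it is not covered in detail here; plenty of material is available online.
The free certificate supports several kinds of server; Tomcat is the one demonstrated here.

The certificate must be bound to the domain name you purchased.

Alibaba Cloud SSL certificate console

The certificate must be in the issued state.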

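Step 2: Configure Tomcat

Download the SSL certificate from the Alibaba Cloud SSL console and extract it.

Put the extracted files into a cert directory under the Tomcat directory on the remote server (create the cert directory).

Go to Tomcat's conf directory and edit the server.xml file: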

<?xml version="1.0" encoding="UTF-8"?>
<!--
  Licensed to the Apache Software Foundation (ASF) under one or more
  contributor license agreements.  See the NOTICE file distributed with
  this work for additional information regarding copyright ownership.
  The ASF licenses this file to You under the Apache License, Version 2.0
  (the "License"); you may not use this file except in compliance with
  the License.  You may obtain a copy of the License at

      http://www.apache.org/licenses/LICENSE-2.0

  Unless required by applicable law or agreed to in writing, software
  distributed under the License is distributed on an "AS IS" BASIS,
  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  See the License for the specific language governing permissions and
  limitations under the License.
-->
<!-- Note:  A "Server" is not itself a "Container", so you may not
     define subcomponents such as "Valves" at this level.
     Documentation at /docs/config/server.html
 -->
<Server port="8005" shutdown="SHUTDOWN">
  <Listener className="org.apache.catalina.startup.VersionLoggerListener" />
  <!-- Security listener. Documentation at /docs/config/listeners.html
  <Listener className="org.apache.catalina.security.SecurityListener" />
  -->
  <!--APR library loader. Documentation at /docs/apr.html -->
  <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
  <!-- Prevent memory leaks due to use of particular java/javax APIs-->
  <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
  <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
  <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />

  <!-- Global JNDI resources
       Documentation at /docs/jndi-resources-howto.html
  -->
  <GlobalNamingResources>
    <!-- Editable user database that can also be used by
         UserDatabaseRealm to authenticate users
    -->
    <Resource name="UserDatabase" auth="Container"
              type="org.apache.catalina.UserDatabase"
              description="User database that can be updated and saved"
              factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
              pathname="conf/tomcat-users.xml" />
  </GlobalNamingResources>

  <!-- A "Service" is a collection of one or more "Connectors" that share
       a single "Container" Note:  A "Service" is not itself a "Container",
       so you may not define subcomponents such as "Valves" at this level.
       Documentation at /docs/config/service.html
   -->
  <Service name="Catalina">

    <!--The connectors can use a shared executor, you can define one or more named thread pools-->
    <!--
    <Executor name="tomcatThreadPool" namePrefix="catalina-exec-"
        maxThreads="150" minSpareThreads="4"/>
    -->


    <!-- A "Connector" represents an endpoint by which requests are received
         and responses are returned. Documentation at :
         Java HTTP Connector: /docs/config/http.html
         Java AJP  Connector: /docs/config/ajp.html
         APR (HTTP/AJP) Connector: /docs/apr.html
         Define a non-SSL/TLS HTTP/1.1 Connector on port 80
    -->
    <Connector port="80" protocol="HTTP/1.1"
               connectionTimeout="20000"
               maxHttpHeaderSize="8192"
               redirectPort="443" />
    <!-- A "Connector" using the shared thread pool-->
    <!--
    <Connector executor="tomcatThreadPool"
               port="8080" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="8443" />
    -->
    <!-- Define a SSL/TLS HTTP/1.1 Connector on port 443
         This connector uses the NIO implementation. The default
         SSLImplementation will depend on the presence of the APR/native
         library and the useOpenSSL attribute of the
         AprLifecycleListener.
         Either JSSE or OpenSSL style configuration may be used regardless of
         the SSLImplementation selected. JSSE style configuration is used below.
    -->

    <!-- 证书名字.pfx is a placeholder for your certificate's .pfx file name and
         证书密码 for its password; replace both with your own values. -->
    <Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol"
               maxThreads="150" SSLEnabled="true">
        <SSLHostConfig>
            <Certificate certificateKeystoreFile="/usr/local/tomcat/apache-tomcat-8.5.30/cert/证书名字.pfx"
                         certificateKeystoreType="PKCS12"
                         certificateKeystorePassword="证书密码" />
        </SSLHostConfig>
    </Connector>

    <!-- Define a SSL/TLS HTTP/1.1 Connector on port 8443 with HTTP/2
         This connector uses the APR/native implementation which always uses
         OpenSSL for TLS.
         Either JSSE or OpenSSL style configuration may be used. OpenSSL style
         configuration is used below.
    -->
    <!--
    <Connector port="8443" protocol="org.apache.coyote.http11.Http11AprProtocol"
               maxThreads="150" SSLEnabled="true" >
        <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
        <SSLHostConfig>
            <Certificate certificateKeyFile="conf/localhost-rsa-key.pem"
                         certificateFile="conf/localhost-rsa-cert.pem"
                         certificateChainFile="conf/localhost-rsa-chain.pem"
                         type="RSA" />
        </SSLHostConfig>
    </Connector>
    -->



    <!-- Define an AJP 1.3 Connector on port 8009 -->
    <Connector port="8009" protocol="AJP/1.3" redirectPort="443" />


    <!-- An Engine represents the entry point (within Catalina) that processes
         every request.  The Engine implementation for Tomcat stand alone
         analyzes the HTTP headers included with the request, and passes them
         on to the appropriate Host (virtual host).
         Documentation at /docs/config/engine.html -->

    <!-- You should set jvmRoute to support load-balancing via AJP ie :
    <Engine name="Catalina" defaultHost="localhost" jvmRoute="jvm1">
    -->
    <Engine name="Catalina" defaultHost="localhost">

      <!--For clustering, please take a look at documentation at:
          /docs/cluster-howto.html  (simple how to)
          /docs/config/cluster.html (reference documentation) -->
      <!--
      <Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster"/>
      -->

      <!-- Use the LockOutRealm to prevent attempts to guess user passwords
           via a brute-force attack -->
      <Realm className="org.apache.catalina.realm.LockOutRealm">
        <!-- This Realm uses the UserDatabase configured in the global JNDI
             resources under the key "UserDatabase".  Any edits
             that are performed against this UserDatabase are immediately
             available for use by the Realm.  -->
        <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
               resourceName="UserDatabase"/>
      </Realm>

      <Host name="localhost"  appBase="webapps"
            unpackWARs="true" autoDeploy="true">

        <!-- SingleSignOn valve, share authentication between web applications
             Documentation at: /docs/config/valve.html -->
        <!--
        <Valve className="org.apache.catalina.authenticator.SingleSignOn" />
        -->

        <!-- Access log processes all example.
             Documentation at: /docs/config/valve.html
             Note: The pattern used is equivalent to using pattern="common" -->
        <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
               prefix="localhost_access_log" suffix=".txt"
               pattern="%h %l %u %t &quot;%r&quot; %s %b" />

      </Host>
    </Engine>
  </Service>
</Server>

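Step 3: Remove port 8443

The configuration file above has already removed port 8443. To change it back, just replace the 443 shown in the screenshot with 8443, or with any other port number you want.

Step 4: Automatically redirect HTTP to HTTPS

Add the following configuration at the end of web.xml in Tomcat's conf directory: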

<!-- Place this inside the root <web-app> element, before its closing tag -->
<security-constraint>
    <web-resource-collection>
        <web-resource-name>SSL</web-resource-name>
        <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>

This assumes that both HTTP and HTTPS are already reachable.

Original article: https://www.jianshu.com/p/bdaee39f6678
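The redirect in Step 4 only works when the pieces from Steps 2 to 4 agree: Tomcat sends a request that hits the CONFIDENTIAL constraint on the plain connector to that connector's redirectPort, which must be the port of an SSLEnabled connector. The following check is an added example, not part of the original article; the function names and the embedded XML are constructed samples that mirror the fragments above.

```python
import xml.etree.ElementTree as ET
# Constructed sample inputs that mirror the fragments shown on this page.
SERVER_XML = """<Server><Service name="Catalina">
  <Connector port="80" protocol="HTTP/1.1" redirectPort="443" />
  <Connector port="443" SSLEnabled="true"
             protocol="org.apache.coyote.http11.Http11NioProtocol">
    <SSLHostConfig><Certificate certificateKeystoreFile="cert/example.pfx"
        certificateKeystoreType="PKCS12" /></SSLHostConfig>
  </Connector>
  <Connector port="8009" protocol="AJP/1.3" redirectPort="443" />
</Service></Server>"""
WEB_XML = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee">
  <security-constraint>
    <web-resource-collection><url-pattern>/*</url-pattern></web-resource-collection>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
</web-app>"""

def texts(elem, name):
    """Text of every descendant called `name`, ignoring any XML namespace."""
    return [(e.text or "").strip() for e in elem.iter()
            if e.tag.rsplit("}", 1)[-1] == name]

def check_https_redirect(server_xml, web_xml):
    """Return the problems that would stop the HTTP -> HTTPS redirect."""
    problems, tls_ports, plain = [], set(), []
    for c in ET.fromstring(server_xml).iter("Connector"):
        if c.get("SSLEnabled", "false").lower() == "true":
            tls_ports.add(c.get("port"))
            if c.find("./SSLHostConfig/Certificate") is None:
                problems.append(f"TLS connector {c.get('port')}: no <Certificate>")
        elif "ajp" not in c.get("protocol", "").lower():
            plain.append(c)  # plain HTTP connector; AJP is not browser-facing
    for c in plain:
        target = c.get("redirectPort")
        if target not in tls_ports:
            problems.append(f"port {c.get('port')}: redirectPort {target} has no TLS connector")
    constraints = [e for e in ET.fromstring(web_xml).iter()
                   if e.tag.rsplit("}", 1)[-1] == "security-constraint"]
    if not any("CONFIDENTIAL" in texts(sc, "transport-guarantee")
               and "/*" in texts(sc, "url-pattern") for sc in constraints):
        problems.append("web.xml: no CONFIDENTIAL constraint on /*")
    return problems

if __name__ == "__main__":
    print(check_https_redirect(SERVER_XML, WEB_XML) or "redirect chain is consistent")
```

If the TLS port is changed back to 8443 as Step 3 allows, the same check flags a redirectPort that was left at 443.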
